News has broken that computer giant Acer has been hit by a REvil ransomware attack in which the threat actors are demanding the largest known ransom to date, $50,000,000. REvil has given Acer until March 28 to send over the $50 million before any allegedly stolen data is leaked.
Experts Comments
Ransomware attacks are a major source of income for cybercriminals with a huge reward for very little effort. The $50 million demand is the highest currently known and whilst shocking only serves to demonstrate the potential that the perpetrators see in this form of attack. Acer should not consider paying this ransom as doing so would simply keep this as a viable business model. It should also be noted that there is no guarantee that an organisation will be able to decrypt data after
We have also seen a trend in these large-scale attacks that is troubling. The compromise of Active Directory, which is the main nerve center of delivering services to employees and applications, is being used in every attack.
Ransomware has become a global economic threat that impacts businesses of all sizes. Ransomware attackers are well resourced and equipped with sophisticated tools that used to be reserved for nation-state attackers. Many organisations are becoming victims like these
As evidenced by the recent SITA breach impacting the travel industry, today’s cyber attackers have become increasingly sophisticated with their tactics, which have grown in complexity. This evolution has several reasons, including lengthy dwell time that attackers are leveraging for their massive attacks and supply chain weaknesses where software is explicitly trusted.
Attackers are quietly exploiting these weaknesses to change policies and create backdoors. Traditional security defenses
The reported Acer ransomware attack shows that attackers use multiple campaigns to discover security weaknesses and get a foothold into organizations. Human-operated attackers discover and compromise accounts with high privileges to move laterally and deploy ransomware organization-wide. Organizations can still get ahead of these attacks. Applying data cloaking and establishing a zero-trust architecture is critical for stopping attackers from getting deeper into the trust stack. By preventing
There's still a lot of uncertainty about the extent of the attack on Acer. Not only did the REvil operation lock down files, but they also clearly exfiltrated some portion of that data. Exfiltration before encryption is becoming increasingly popular because it gives victims two reasons to pony up the ransom: they need to both regain access to their files and attempt to prevent leaks of their data.
The part that's most disturbing about this incident, however, is the threat from the attackers
In this case, Acer was able to spot the compromise of its systems fairly quickly, but for businesses that aren’t so fast the repercussions can be even more severe.
Protecting an organisation from the impact of any attack - including ransomware - comes down to ensuring security defences are up to date, appropriately configured and by making sure employee behaviour is driven towards best practices. Focusing on these areas will help to minimise the impact of the many security issues which are
Ransomware is just another type of malware. It’s very important to employ multiple layers of security and monitoring controls in your environment to help prevent this type of exposure. Keeping virus signatures and patching up to date, as well as maintaining recent or real-time backups can also help limit the efficacy of this type of attack.
Devaluing data is the best way to protect sensitive information in your storage resources, which may include personally identifiable information (PII),
This was no doubt a meticulously planned attack which involved target research, professional hacking, and uncrackable encryption. As with the majority of ransomware attacks nowadays, this attack also involved data theft and the REvil gang has since taunted Acer on a message posted on a data leak website with images of stolen documents.
Fifty million dollars is a huge ransom demand, but when the victim is a high-profit business, then the world’s top ransomware gangs can afford to be cocky
Ransomware is no longer just about encrypting files but also stealing the data making it a multifunctional weapon. If a company has a solid backup to restore systems then the criminal gang can threaten to disclose damaging data that could directly impact the stock price, brand, employees, and potential customers.
What we are seeing with ransomware is that cybercriminals continue to abuse privileged access which enables them to steal sensitive data and deploy malicious ransomware. This means
While this attack at Acer may be unique in that it targeted vulnerabilities in Microsoft Exchange to trigger a massive-scale attack, this won’t be the last time we see this vulnerability exploited. It’s easy for cybercriminals to perform these attacks, and there are a plethora of unpatched Microsoft Exchange servers, creating a lethal combination. That said, other companies can learn from Acer’s situation and prepare before they’re hit.
There is nothing better than prevention, so it’s really important for businesses to implement solid cyber hygiene measures. This involves mitigating high-critical vulnerabilities by automating scanning and remediation processes. Not only does this paint an accurate picture of the attack surface at all times, but it reduces IT team fatigue and improves productivity. It’s also crucial that teams keep multiple copies of backups and encrypt confidential data so they can lean on them to restore systems and operations. Implementing good cyber hygiene isn’t a one and done exercise, either; IT security teams must continuously monitor for vulnerabilities and research different attack patterns so they can fully understand their level of risk.
@Chandra Basavanna, CEO, provides expert commentary for "dot your expert comments" at @Information Security Buzz.