Any company is vulnerable to a ransomware attack so long as the hackers know what they’re doing, but there are some types of businesses you expect to be better prepared for such an attack than others. A big-name computer company, for example, should be able to head off such an attack with virtual ease. Failing to do so would be a public relations disaster. Suppose a well-known, big-brand computer company were to suffer a ransomware attack. In that case, it might as well advertise to its customers that it isn’t capable of safeguarding its software or equipment. It would be the ultimate nightmare scenario for a tech company – and Acer is living through that nightmare right now.
We’re writing this article in the immediate aftermath of the news breaking about the attack, so the scale of the problem isn’t clear. Some sources claim that the ransom that the attackers are looking for is a cool one hundred million dollars. Others say that the ransom is “only” fifty million. In either event, it’s a sum that Acer can’t pay without suffering severe financial consequences, and it’s far from clear that they’d get their systems back even if they were to pay. Initial reporting says that this is the same group of ransomware attackers – known as “REvil,” that went after Travelex in 2020. Ultimately, Travelex paid $2.3m to regain control over its systems and files. That turned out to be the least of the company’s problems, but the hackers are at least believed to have kept their word. The figure being asked of Acer is far higher, and as a tech firm, they shouldn’t have found themselves in this position in the first place.
Some of you are probably wondering why a ransomware group would go after such an unlikely target in the first place. There are richer companies out there, and most of those richer companies theoretically ought to have less robust security protocols. That’s misunderstanding the fundamental point of such an attack, though. To the people who perpetrate ransomware attacks, the whole process is like playing online slots with very high stakes. You don’t know whether or not you’re going to win anything when you first log in to an online slots website, but you do know that you definitely won’t win anything if you don’t try. Each spin of the reels comes at a cost, but it’s a chance of a win. A ransomware attack is a spin of the reels. Some attacks will work, and some won’t. Some companies will pay up, and some will lose. The principles are exactly the same as those of a online slots IE website, but the rewards are far higher when an attack is successful.
There’s also a growing trend for malicious hackers to see ransomware as the best opportunity to make money from their dubious profession. Improvements to security software and programming, along with a greater awareness among the general public that they shouldn’t open file attachments from unknown senders or visit “unsafe” websites, have made old-school hacking harder and less profitable. However, ransomware attacks can lock up whole networks in an instant and offer technicians no means of repairing the damage. Without the encryption key, there’s no hope, and so there’s more of a compulsion to pay. The tone was set when the WannaCry attack on the United Kingdom’s National Health service in 2017 raked in over $100m, and attacks have only become more sophisticated since then. On that occasion, it was North Korean hackers who were responsible – albeit North Korean hackers using an exploit developed in the United States of America by the NSA.
Reports about the attack on Acer first emerged through the Bleeping Computer website, which offers a little more detail on the incident. According to them, it’s likely that the attack was launched via a weakness in Microsoft Exchange. If so, that might imply that Acer has been slow to apply security patches. Microsoft has launched several vulnerability fixes for issues in Exchange within the past month, but the Taiwanese firm appears to have fallen victim anyway. The hackers have given Acer up to March 28th to pay the ransom, or all of the stolen data will be published online. The nature of the data that the hackers have gained access to isn’t currently known but is likely to include company-sensitive data. It might include financial data or perhaps information on forthcoming products and services.
As we mentioned at the start of the article, it would be a PR disaster for Acer if they openly admitted that they’d fallen victim to a cyber assault of any kind. That might explain the vague wording of the statements they’ve released thus far, which fail to specifically confirm that any such attack has taken place. Disregarding the direct questions put to the company by several publications, Acer has said that it is “constantly under attack” and has “reported recent abnormal situations to the relevant authorities.” Reading between the lines that would appear to confirm that something has happened, but Acer isn’t especially keen on the rest of the world finding out what that “something” might be. We shouldn’t discount the possibility that “REvil” is bluffing, but they weren’t bluffing when they attacked Travelex, and there would be no apparent reason for them to start doing so now.
