TL; DR: Acer again under attack and Candy Maker at risk (42nd week)

Acer Company that manufactures laptops has not been lucky in the cybersecurity field recently. However, this can also be said about the REvil ransomware gang whose website has been inaccessible. 42nd week also brought interesting surveys, one of which says that sometimes we are too cautious.

Acer again under attack

Acer, PC and Device Maker, has suffered two further cyberattacks. DESORDEN threat actors claimed the responsibility for the attacks and reported that the attack had been executed to prove their point that Acer cybersecurity was not sufficient. The attack on Taiwan server did not involve any customer data, only company data was stolen. In the second attack on India-based servers, DESORDEN managed to exfiltrate customer, accounts and financial data.

Attackers shut down

A website of the REvil ransomware gang has been shut down. It was caused by a possible leakage of private keys to an .onion domain of the REVIL gang. Later, a member of the REvil gang posted on the hacking forum the information that their server was compromised and they were shutting down the operation. It is unknown who compromised the REvil servers.

It is better to be safe than sorry

The study of two thousand adults, commissioned by BT alongside Good Things Foundation, revealed that 47% of participants are so suspicious of scams that they overlook a genuine e-mail. However, more than one in 10 were so careless that they clicked on links in e-mails without vetting them first. Four in 10 believe that it is only a matter of time before their data is stolen.

Attack on Candy Maker

Ferrara, a candy company based in Chicago has become a target of a ransomware attack. The attack disrupted the firm’s systems in all manufacturing facilities and the production was resumed in only two of them. The company confirmed that cybercriminals demanded a ransom, but had not yet announced the attacker and the amount of a ransom.

A new actor on the horizon

Symantec security researchers uncovered a previously unknown, probably, nation-state-backed actor. The group called Harvester is targeting telecommunication providers and IT companies, mostly in Afghanistan. Attackers use both their own and publicly available malware, and spear phishing messages as the initial attack vector into the victim’s network.


  • Trustwave security researchers have released a decryptor for the ransomware BlackByte.
  • American media company Sinclair Broadcast Group has become a target of a ransomware attack that disrupted the operation of several systems. It is not yet known whether any sensitive information was among the data stolen during the attack and who is responsible for the attack.
  • A potential leak of more than 100,000 social security numbers in Missouri USA will cost the Show-Me State $50 million.
  • ThycoticCentrify security researchers released a new research report of 300 US companies, which revealed that 64% of them were victims of a ransomware attack in the last 12 months and 83% of them felt they had no choice but to pay the ransom.
  • The UK-based University of Sunderland, which had been a target of a cyberattack over the past week, has still not completed the work to restore the infrastructure. The school cancelled on-line classes but encouraged a partial renewal of in-person teaching on campus.

« Späť na zoznam