Cyber Incident Victim: Acer Inc.

Date: Mar 2021

Location: Taiwan

Summary

The Taiwanese electronics manufacturer Acer suffered a ransomware attack by the Sodinokibi (REvil) group, which exfiltrated and subsequently published stolen documents on its Tor network site. The threat actors demanded a $50 million ransom during negotiations, marking one of the largest known ransom demands at the time, though the company's response to the demand remains unspecified. The compromised data included internal files and financial documents, highlighting significant operational and reputational impacts from the breach.

Description

The Sodinokibi ransomware group, also known as REvil, publicly disclosed stolen data from Acer Inc. following a cyberattack against the Taiwanese electronics manufacturer. On March 19, 2021, the threat actors published initial samples of exfiltrated documents on their Tor-based leak site, accompanied by screenshots as proof of compromise. Acer, recognized as a global producer of computers, monitors, televisions, VR devices, and smartphones, became aware of the breach through this unauthorized data disclosure. The attackers executed a double-extortion strategy by first stealing sensitive information before threatening its release unless ransom demands were met. While the intrusion vector remained unspecified in initial reports, the publication timeline indicated the attack occurred shortly before March 19. The leaked materials demonstrated unauthorized access to corporate documents, though the full scope of compromised data was not immediately quantifiable from available disclosures.

Subsequent reporting on March 20, 2021, revealed that the ransomware operators had demanded $50 million from Acer, marking one of the largest known ransom demands at that time. Details of negotiation communications between the threat actors and Acer representatives became publicly accessible through third-party websites that published excerpts from these private discussions. The disclosure of chat logs provided visibility into the ransom negotiation dynamics, though the company's official stance regarding payment or non-payment remained unconfirmed in available sources. The incident highlighted operational security challenges for victim organizations when threat actors use the publication of stolen data as coercive leverage. No technical details regarding containment measures, system restoration timelines, or forensic findings were disclosed in the immediate aftermath of the data leak publication.
