- The REvil ransomware gang has reportedly stolen files from French tech manufacturer ‘Asteelflash.’
- The firm has chosen not to communicate the details of the incident and simply said it’s under investigation.
- The point of entry could be an exposed Microsoft RPC service that had been present since last November.
The Paris-based electronics manufacturer ‘Asteelflash’ suffered a ransomware attack by the REvil group and is now being asked to pay a mind-boggling ransom of $24 million. According to LeMagIt, the attack took place on March 23, and initially, the demand was set at $12 million, to be paid in the untraceable Monero cryptocurrency. Because the negotiations didn't reach an agreement in time, the actors doubled the ransom and leaked the first sample of the exfiltrated files, an archive named 'asteelflash_data_part1.7z'.
Asteelflash operates 18 plants and two R&D centers, employs 6,200 people, and has an annual revenue of over one billion EUR. The company designs and manufactures printed circuit boards, assembles electronics, and offers aftermarket services too, so they’re something like “Europe’s Foxconn” if you like.
The attack doesn’t appear to have had an impact on the firm’s websites and online services, but we have no way of knowing what the status of the manufacturing units is. Officially, the company only commented that “the incident is being evaluated” through its global marketing manager, Tiphanie Picard. Thus, there’s nothing specific coming from Asteelflash for the time being.
According to the same report, a Shodan search indicates that the company had a Microsoft RPC service exposed at the end of November, which is something that malicious actors can leverage for remote code execution. If that is what happened, the infiltrators wouldn’t be easy to spot because this type of exploitation shouldn’t raise any security alarms. It could also mean that the actors have enjoyed a long-term presence in the Asteelflash network.
For now, we don’t even know whether the encryption process was completed or to what extent it compromised the targeted corporate network. REvil is a big-fish hunter that recently struck Acer, the Taiwanese laptop maker. In that case, the actors demanded a payment of $50,000,000 in Monero. We don’t know how much of all this money the group manages to get in the end, but a recent report by IBM’s intelligence department puts REvil’s annual revenues at over $100 million.