‘Asteelflash’ Hit by REvil and Asked for a $24 Million Ransom

  • The REvil ransomware gang has reportedly stolen files from French tech manufacturer ‘Asteelflash.’
  • The firm has chosen not to communicate the details of the incident and simply said it’s under investigation.
  • The point of entry could be an exposed Microsoft RPC service, which had been present since last November.

The Paris-based electronics manufacturer ‘Asteelflash’ suffered a ransomware attack by the REvil group and is now being asked to pay a mind-boggling ransom of $24 million. According to LeMagIt, the attack took place on March 23, and the demand was initially set at $12 million, to be paid in the untraceable Monero cryptocurrency. Because the negotiations didn't reach an agreement in time, the actors doubled the ransom and leaked the first sample of the exfiltrated files, an archive named 'asteelflash_data_part1.7z'.

Asteelflash operates 18 plants and two R&D centers, employs 6,200 people, and has an annual revenue of over one billion EUR. The company designs and manufactures printed circuit boards, assembles electronics, and offers aftermarket services, so it is something like “Europe’s Foxconn,” if you like.

The attack doesn’t appear to have an impact on the websites and online services of the firm, but we have no way of knowing what the status of the manufacturing units is. Officially, the company only commented that “the incident is being evaluated” through its global marketing manager, Tiphanie Picard. Thus, there’s nothing specific coming from Asteelflash for the time being.

According to the same report, a Shodan search indicates that the company had a Microsoft RPC service exposed at the end of November, which malicious actors can leverage for remote code execution. If that is what happened, the infiltrators wouldn’t be easy to spot because this type of exploitation shouldn’t raise any security alarms. It could also mean that the actors have enjoyed a long-term presence in the Asteelflash network.

For now, we don’t even know if the encryption process was completed or to what extent it compromised the targeted corporate network. REvil is a big-fish hunter that recently struck Acer, the Taiwanese laptop maker. In that case, the actors demanded a payment of $50,000,000 in Monero. We don’t know how much of this money the group manages to collect in the end, but a recent report by IBM’s intelligence department puts REvil’s annual revenues at over $100 million.
