‘Asteelflash’ Hit by REvil and Asked for $24 Million Ransom

  • The REvil ransomware gang has reportedly stolen files from French tech manufacturer ‘Asteelflash.’
  • The firm has chosen not to communicate the details of the incident and simply said it’s under investigation.
  • The point of entry could be an exposed Microsoft RPC service which has been present since last November.

The Paris-based electronics manufacturer ‘Asteelflash’ suffered a ransomware attack by the REvil group and is now being asked to pay a mind-boggling ransom of $24 million. According to LeMagIt, the attack took place on March 23, and the demand was initially set at $12 million, to be paid in the untraceable Monero cryptocurrency. Because the negotiations didn't reach an agreement in time, the actors doubled the ransom and leaked the first sample of the exfiltrated files, an archive named 'asteelflash_data_part1.7z'.

Asteelflash operates 18 plants and two R&D centers, employs 6,200 people, and has an annual revenue of over one billion EUR. The company designs and manufactures printed circuit boards, assembles electronics, and offers aftermarket services too, so they’re something like “Europe’s Foxconn” if you like.

The attack doesn’t appear to have an impact on the websites and online services of the firm, but we have no way of knowing what the status of the manufacturing units is. Officially, the company only commented that “the incident is being evaluated” through its global marketing manager, Tiphanie Picard. Thus, there’s nothing specific coming from Asteelflash for the time being.

According to the same report, a Shodan search indicates that the company had a Microsoft RPC service exposed at the end of November, which is something that malicious actors can leverage to engage in remote code execution. If that is what happened, the infiltrators wouldn’t be easy to spot because this type of exploitation shouldn’t raise any security alarms. Also, it could mean that actors have enjoyed a long-term presence in the Asteelflash network.

For now, we don’t even know if the encryption process was complete and to what extent it compromised the targeted corporate network. REvil is a big-fish hunter that recently struck Acer, the Taiwanese laptop maker. In that case, the actors demanded a payment of $50,000,000 in Monero. We don’t know how much of all this money the group manages to get in the end, but a recent report by IBM’s intelligence department puts REvil’s annual revenues at over $100 million.
