Ransomware
REvil Ransomware Attack on Acer: $50M Demand via ProxyLogon
Incident Details
On March 14, 2021, REvil ransomware operators attacked Acer, the Taiwanese PC manufacturer, using the recently disclosed ProxyLogon vulnerability in Microsoft Exchange Server (CVE-2021-26855, disclosed March 2, 2021) as the initial access vector, less than two weeks after the vulnerability became public. REvil demanded $50 million in Monero, the largest ransomware demand publicly recorded at the time. The group posted images of allegedly stolen financial spreadsheets, bank balances, and bank communications as proof of data exfiltration, and threatened to double the ransom to $100 million if it was not paid within their deadline. Acer acknowledged a security incident but did not confirm paying a ransom. The attack demonstrated how short the window between vulnerability disclosure and weaponization by ransomware operators can be, and the particular exposure of internet-facing Exchange servers during the ProxyLogon exploitation wave.
Technical Details
- Initial Attack Vector: REvil gained initial access to Acer's network by exploiting the ProxyLogon Microsoft Exchange Server vulnerability (CVE-2021-26855), a critical pre-authentication flaw that had been exploited in the wild as a zero-day before Microsoft's March 2 patch, within days of its public disclosure. CVE-2021-26855 is the server-side request forgery that begins the ProxyLogon chain; in the wild it was paired with the post-authentication arbitrary file write CVE-2021-27065 to drop web shells on the Exchange server.
- Vendor / Product: Microsoft Exchange Server
- Malware Family: REvil (Sodinokibi) ransomware
- CVE / GHSA References: CVE-2021-26855
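As an added triage example (not part of the original page, Acer's response, or REvil's tooling): Microsoft's March 2021 HAFNIUM guidance noted that CVE-2021-26855 exploitation leaves entries in the Exchange HttpProxy logs where AuthenticatedUser is empty and AnchorMailbox has the form ServerInfo~*/*. The Python below applies that check to exported HttpProxy logs. The sample log content, IP addresses, hostnames, and paths are constructed for the example, and real HttpProxy logs carry many more columns than the five shown.

```python
import csv
import fnmatch
from pathlib import Path

# Constructed sample of Exchange HttpProxy log content; not a real log.
# Real HttpProxy logs use the same '#'-prefixed header and '#Fields:'
# line but carry many more columns than the five shown here.
SAMPLE_HTTPPROXY_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: HttpProxy Logs
#Fields: DateTime,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox
2021-03-03T10:12:01.113Z,203.0.113.7,/owa/,,ServerInfo~a]@mail.example.com/autodiscover/autodiscover.xml
2021-03-03T10:12:05.220Z,203.0.113.7,/ecp/,,ServerInfo~a]@mail.example.com/ecp/default.aspx
2021-03-03T10:13:40.001Z,198.51.100.23,/owa/,EXAMPLE\\jsmith,Sid~S-1-5-21-1111-2222-3333-1105
2021-03-03T10:14:02.550Z,203.0.113.9,/mapi/emsmdb/,,Sid~S-1-5-21-1111-2222-3333-1106
"""

# Indicator from Microsoft's March 2021 HAFNIUM guidance: an unauthenticated
# request whose AnchorMailbox routes via 'ServerInfo~<host>/<path>'.
ANCHOR_PATTERN = "ServerInfo~*/*"


def parse_httpproxy_log(text: str) -> list[dict[str, str]]:
    """Parse HttpProxy log text into one dict per request row.

    Column names come from the '#Fields:' header; other '#' lines are
    metadata and are skipped.
    """
    fields = None
    rows = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if line.startswith("#") or not line.strip():
            continue
        if fields is None:
            raise ValueError("data row encountered before '#Fields:' header")
        values = next(csv.reader([line]))
        rows.append(dict(zip(fields, values)))
    return rows


def is_proxylogon_indicator(row: dict[str, str]) -> bool:
    """True when the row matches the published CVE-2021-26855 pattern.

    Both conditions are required: anonymous requests with a Sid~ anchor are
    normal, and ServerInfo~ anchors with an authenticated user are too.
    """
    return (row.get("AuthenticatedUser", "") == ""
            and fnmatch.fnmatchcase(row.get("AnchorMailbox", ""), ANCHOR_PATTERN))


def find_proxylogon_hits(rows):
    """Return only the rows that match the indicator."""
    return [r for r in rows if is_proxylogon_indicator(r)]


def scan_log_dir(log_dir):
    """Apply the check to every *.log file under an exported HttpProxy directory.

    On an Exchange server that directory is normally
    %ProgramFiles%\\Microsoft\\Exchange Server\\V15\\Logging\\HttpProxy
    (assumed default path; adjust for a non-default install).
    """
    hits = []
    for path in sorted(Path(log_dir).rglob("*.log")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for row in find_proxylogon_hits(parse_httpproxy_log(text)):
            row["SourceFile"] = str(path)
            hits.append(row)
    return hits


if __name__ == "__main__":
    for hit in find_proxylogon_hits(parse_httpproxy_log(SAMPLE_HTTPPROXY_LOG)):
        print(hit["DateTime"], hit["ClientIpAddress"], hit["UrlStem"], hit["AnchorMailbox"])
```

Run against the constructed sample, only the two anonymous ServerInfo~ requests from 203.0.113.7 are flagged; the anonymous Sid~ request and the authenticated OWA request are not, which is the point of requiring both conditions. A match is an indicator of attempted exploitation, not proof of compromise: follow up by checking the matching server for unexpected .aspx files under the Exchange web directories and the client IP for other activity in the same window.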
Timeline
- 2021-03-14 Breach occurred
- 2021-03-19 Publicly disclosed
- 2021-03-19 Customers notified