REvil claims ransomware attack on appliance giant Midea

Ransomware group REvil claims responsibility for an attack on Midea, one of the world’s largest appliance manufacturers.

The ransomware group claims to have stolen terabytes of data. Midea has not confirmed the attack at this time. IT Pro requested comment, but initially received no response. Midea’s websites and social media are functional at the time of writing.

REvil disappeared from the radar in July 2021. Just before vanishing, the ransomware group breached Kaseya, a major software vendor for managed service providers (MSPs). The attack infected hundreds of organizations.

REvil resurfaced in April 2022. The original group’s infrastructure and ransomware variant have been active since. According to REvil, Midea is its most recent victim.

REvil and Midea

REvil leaked some of the alleged data in an attempt to prove the attack. According to website IT Pro, the data has yet to be verified. REvil threatened to publish the rest of the data “soon”.

Midea is a multi-billion euro company based in China. Its average annual revenue exceeds €50 billion. The appliance manufacturer ranks 245 in the Fortune 500.

According to REvil, some of the data comes from Midea’s product lifecycle management (PLM) system. REvil claims it’s “ready to sell”.

Double extortion

Public threats are common during ransomware attacks. Some cybercriminals pressure victims in multiple ways. In addition to encrypting data, attackers threaten to sell the stolen data in hopes of pressuring the victim into paying the ransom.

Some attackers sell part of the data when a victim refuses. The tactic is known as ‘double extortion’. Ransomware group Maze applied the tactic during multiple attacks.

Security company Allied Universal was infected by Maze in 2019. The organization refused to pay the ransom. Maze increased the ransom demand by 50 percent, published 10 percent of all data and threatened to use the rest in a spam campaign.
