The claimed ransomware attack by the REvil ransomware group shows the speed at which cyber criminals now act. REvil reportedly leaked data to the dark web and is now threatening to leak source code, although Midea Group is yet to confirm the legitimacy of the attack.
The security incident could soon become extremely serious if this claim does turn out to be true. Source code is part of a company’s intellectual property, which in turn makes it extremely valuable to threat actors. If it is sold, cyber criminals could potentially find unknown vulnerabilities and breach an organisation.
This news is also particularly alarming as this could be the first major attack by the REvil ransomware group since the Kaseya ransomware attack in July 2021. It is not uncommon to see ransomware groups go dark after a major breach by changing servers and hiding their footprint, especially if they receive a lot of media attention and pressure from international law enforcement.
For organisations, though, this supposed ransomware attack against Midea Group should be an important lesson on why businesses need to look towards a prevention-first strategy. Companies continue to favour a reaction and mitigation approach, which relies on malware breaching the network and executing before it can be stopped. However, this is too slow. By the time ransomware is stopped, an organisation could have had its data, files or source code stolen and published on the dark web.
We need to stop being on the back foot when it comes to ransomware attacks. Instead, organisations need a proactive strategy which stops ransomware attacks before they have a chance to go into effect. The speed of modern ransomware attacks means that allowing malware to breach a network could already be too late. With a prevention-first mindset, ransomware groups will no longer have the upper hand when it comes to leaking data, and we can keep them permanently quiet.