Toshiba Unit Fell Victim to a DarkSide Ransomware Attack
It Is Not Yet Confirmed Whether Client-related Data Was Leaked Externally.
Last Friday, Toshiba Corporation revealed that its French division has been hit by a cyberattack that seems to be orchestrated by the same DarkSide ransomware group that has disrupted a major US fuel pipeline.
Toshiba is a Japanese multinational conglomerate that provides products and services such as power, industrial and social infrastructure systems, elevators and escalators, printers, as well as IT solutions.
According to the organization, the ransomware attack was limited to part of Europe and only a small amount of work data had been lost, hackers not being able to get access to customer information.
Following the cyberattack, the company closed down networks between Europe, Japan, and branches in order to avert the damage escalating as they were implementing recovery protocols and data backups.
According to the Japanese company, an inquiry has been launched in order to analyze the damage that has been done and a third-party cyber forensics specialist has been pulled in to help.
We have not yet confirmed that customer-related information was leaked externally.
Nevertheless, Toshiba Corporation is aware of the fact that it might be possible that at least some private information may have been exposed.
They believe that the hackers behind the attack are the popular DarkSide ransomware cybercriminals that organized the Colonial Pipeline cyberattack.
DarkSide Ransomware operates under the form of a Ransomware-as-a-Service (RaaS), in which the gains are shared between its holders and partners, or affiliates, who allow access to companies and execute the ransomware. The DarkSide ransomware gang gets around 25% of a ransom payment, and the rest is taken by the affiliate who organized the assault.
Companies that are failing to pay the requested ransom are threatened with the public release of private data and records stolen during initial access on a leak site.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
Even if the enterprise stated it didn’t notice any information leak, social media pictures of a DarkSide ransomware gang statement show they claimed to have stolen personal data including passport scans.
The leak documentation, published last week, affirms that over 740GB of data was stolen from Toshiba.
The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide.