Ransomware: DarkSide now attacks Toshiba subsidiary

Toshiba Tec Corp announced last Friday that it had been hit by a cyberattack that affected parts of Europe. The cyberattack is said to be the work of the DarkSide group, already behind the cyberattack against Colonial Pipeline.

An investigation is underway

Toshiba Tec Corp manufactures products such as barcode scanners, point of sale (PoS) systems, printers and other electrical equipment. The French subsidiary of the company seems to have been targeted.

After discovering the attack, Toshiba Tec shut down networks between Japan, Europe and its subsidiaries to “prevent the spread of damage” while recovery protocols and data backups were put in place. An investigation is underway, the company says, to determine the extent of the damage. A third-party cybercrime specialist has been engaged to assist.

“We are not yet able to confirm whether any information relating to our customers has been disclosed,” notes the Toshiba unit. However, the company acknowledges that “it is possible that some data was disclosed by a criminal group.”

DarkSide and the double extortion

The group in question is DarkSide, which made headlines recently following the Colonial Pipeline cyberattack.

DarkSide is a ransomware-as-a-service (RaaS) operation, which provides ransomware to affiliates in its network in exchange for a share of the profits extorted from victim organizations.

DarkSide affiliates use a double-extortion tactic: the victim organization first receives a ransom note demanding payment in exchange for a decryption key to unlock systems infected with the ransomware. If it refuses, the attackers then threaten to publish confidential data stolen during the attack on a “leak site”.

740 GB of data was stolen from Toshiba

At the time of writing, the DarkSide leak site was not accessible. The Toshiba subsidiary sought to reassure, specifying that only a “minimal amount of work data had been lost”, Reuters reports.

However, a cached version of the leak site, accessed through Kela’s Darkbeast search engine, appears to show scans of stolen passports alongside project documents and working presentations. The leak report, released on May 13, claims more than 740 GB of data was stolen from Toshiba.

The ransomware operators are also responsible for the attack on Colonial Pipeline. The company, which provides about 45% of the East Coast’s fuel supply, was forced to shut down for nearly a week after its computer systems were encrypted.

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert and advisory on DarkSide and RaaS criminal operations more broadly.

