As the ransomware pandemic ravages through the big and small size industries alike, the Japanese tech giant joins the list of those affected by it. Toshiba’s European subsidiaries have confirmed that it was targeted by a “cyberattack”. As per the initial investigation, the involvement of the DarkSide ransomware gang is being suspected as the malware signatures of this attack are similar to those used in the Colonial pipeline hack.
Toshiba Subsidiary Confirms Ransomware Attack
The European subsidiaries of Toshiba Tec Group on Friday disclosed information that a cyberattack on their network and systems had meant that the network connections between their company assets in Japan and Europe were taken offline to stop the spread of the malware. A tweet from Toshiba’s French subsidiary, Tec France Imaging System (TFIS), confirmed that it was indeed a ransomware attack and took place on the night of May 4.
The official statement made by the Toshiba Tec Group said that the investigation was ongoing and only “some regions in Europe” were affected by the attack. It further added that until now, there was no information available that could pinpoint the fact that customer-related information was leaked externally during the course of the attack. However, it has not entirely ruled out the possibility of the leak either. It said,
The group recognizes that it is possible that some information and data may have been leaked by the criminal gang, we will continue to conduct further investigation in cooperation with the external specialized organization to grasp the details.
Nowhere in its statement or on official channels did Toshiba Tec Group name the DarkSide ransomware gang’s hand in the attack. But in a report from CNBC, a Toshiba spokesperson said that the DarkSide criminal group appeared to be responsible for the security incident. However, the spokesperson confirmed that it did not intend to pay the ransom and instead used its data backup procedures to get the systems and networks back online. They did exactly that and confirmed it in their statement saying, “With backups in place and prompt countermeasures (taken), encrypted data was recovered, and connections restored.”
The Darkside threat syndicate is offering Ransomware-as-a-Service (RaaS) to smaller threat actors as its affiliates. This way, they have a larger outreach and a double revenue generation model in place. The syndicate has been active since early August 2020 and claims to have victimized nearly 90 companies. But its latest victim the Colonial Pipeline is the one that has made the most noise. The attack had literally dried up 45% of the East Coast’s fuel lines. To learn more about it read the following story.
Ransomware Attack Forces Temporary Shutdown of Top U.S. Fuel Pipeline Operator