Ransomware hackers attack Toshiba systems; thousands of confidential records leaked

Just a few hours ago, Toshiba Tec Corp revealed that one of its units in Europe was the victim of a cyberattack using the DarkSide ransomware variant. Toshiba Tec Corp is one of the largest manufacturers of products such as barcode readers, point-of-sale (PoS) systems, printers, MFPs and other devices. Reports indicate that the attacked unit is located in a French city.

After detecting the attack, Toshiba’s security teams decided to shut down their networks between Japan, Europe and their subsidiaries in order to prevent the spread of the infection, as well as implement backup recovery and enablement protocols to keep their operations active.

At the moment, Toshiba’s security teams are investigating the incident to determine its actual scope, for which they have contracted the services of a digital forensics firm. On the other hand, it is ignored whether this attack resulted in the leakage of sensitive data: “We still cannot confirm whether the information related to our customers has been compromised,” Toshiba’s report says.

On DarkSide, experts report that this is a ransomware as a service (RaaS) platform that provide its affiliates with access to this dangerous ransomware variant in exchange for dividing the profits generated by these malicious campaigns.

DarkSide affiliates employ the tactic known as double extortion, in which companies first receive a ransom demand in exchange for a decryption key to unlock infected systems. If organizations refuse to pay, they are threatened with public disclosure of sensitive data and stolen records during initial access to the site of a leak.

At the time of writing the DarkSide website remained offline, so it was not possible to check if the hackers had leaked sensitive information. However, a cached version of the leaked publication appears to show scans of stolen passports along with project documents and job presentations. The record, released on May 13, states that more than 740 GB of Toshiba data was stolen, although the company is expected to add some confirmation in the coming days.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.