Toshiba Business Reportedly Hit by DarkSide Ransomware

A subsidiary of Japanese tech giant Toshiba has admitted suffering a cybersecurity breach reportedly caused by the DarkSide ransomware gang.

Toshiba Tec Corporation — which makes printing, scanning and other office equipment — revealed the incident in a statement on Friday.

Although the update did not confirm whether any customer data was taken in the incident, Toshiba admitted that “it is possible that some information and data may have been leaked by the criminal gang.”

The firm has contacted the relevant authorities in Europe, where the attackers struck, and is working with third-party cyber experts to find out exactly what happened.

“The group also took actions to stop the networks and systems operating between Japan and Europe, as well as those operating among European subsidiaries, with the aim of preventing the spread of damage while deploying recovery measures sequentially once effective data backup has been completed,” it added.

“In addition, the group is proceeding to identify the content and extent of the possible damage through conducting investigations by the outside specialized organization.”

Although not mentioned by name in the statement, the infamous DarkSide ransomware group linked to the recent Colonial Pipeline attack, was flagged by a representative from Toshiba’s French subsidiary, according to Reuters.

The newswire quoted a senior malware analyst from Mitsui Bussan Secure Directions who appears to be working on incident response, as saying: "There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba.”

The report claimed over 740GB of data had been stolen, including passport scans and other personal information.

However, efforts to confirm the involvement of the group have been complicated by disruption to its operations. Reports suggest DarkSide’s TOR site has been closed down and servers seized, although it’s unclear whether this is a law enforcement operation or simply a tactic from the group itself designed to take the heat off after its widely publicized raid on the East Coast fuel pipeline.

What’s Hot on Infosecurity Magazine?