The DarkSide criminal gang, which was also responsible for the assault on Colonial Pipeline that triggered widespread gas shortages and panic buying across the Southeast, hacked a Toshiba business unit earlier this month.
Toshiba Tec said in a statement that the cyberattack affected its European subsidiaries, and the company is investigating the extent of the damage. It stated that “some details and data could have been leaked by the criminal gang,” but it did not confirm that customer information was leaked.
"There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba," said Takashi Yoshikawa, a senior malware analyst at Mitsui Bussan Secure Directions. During pandemic lockdowns, employees accessing company computer systems from home have made businesses more susceptible to cyber-attacks, he said.
The assault seems to have been carried out by the Russian criminal group DarkSide, according to a company representative who spoke to Reuters. The attack happened on May 4, according to a spokesperson who confirmed the same to CNBC. According to the outlet, the hackers demanded a ransom, but the company refused to pay. Colonial Pipeline, on the other hand, is said to have paid a ransom of approximately $5 million within hours of the attack last week.
The Colonial Pipeline assault, which resulted in gas shortages and panic buying at US gas stations across the Southeast, likely drew more attention to DarkSide than it had hoped for, with President Biden promising to go after the group.
According to screenshots of DarkSide's post given by the cybersecurity company, more than 740 gigabytes of data, including passports and other personal details, was compromised. On Friday, Reuters was unable to reach DarkSide's public-facing website. DarkSide's numerous websites, according to security researchers, have become inaccessible.
Ransomware attacks, in which hackers encrypt data and demand payment in cryptocurrency to decrypt it, are increasing in number and size. The attackers are also gradually releasing or threatening to release stolen data unless they are paid more.
According to investigators in the US Colonial case, the attack software was distributed by DarkSide, which involves Russian speakers and avoids hacking targets in the former Soviet Union. DarkSide allows "affiliates" to hack into targets in other countries, and then manages the ransom and data release.