After Colonial Pipeline, DarkSide ransomware strikes Toshiba

Toshiba Tech Corp, a subsidiary of the Toshiba conglomerate, was hacked by the DarkSide ransomware group. The group is reported to be behind the recent Colonial Pipeline attack that led to a 6-day outage in the gas pipeline.

"There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba," said Takashi Yoshikawa, a senior malware analyst at Mitsui Bussan Secure Directions, reported Reuters.

Toshiba’s French subsidiary announced that only a small amount of work data had been lost. Reuters reported that screenshots of DarkSide's post provided by Mitsui showed that more than 740 GB of information was compromised. This included passports and other personal information.

DarkSide emerged in mid-2020 and comprises veteran cybercriminals, as suggested by experts tracking the group. The FBI confirmed that the group originated in Eastern Europe and was behind the Colonial Pipeline attack.

On May 12 the group declared three more targets: a construction company in Scotland, a renewable energy product reseller in Brazil, and a technology services reseller in the US. The group claimed to have stolen 1.9 GB of data, including client data, financial data, employee passports, and contracts. 

DarkSide is a ransomware-as-a-service (RaaS) and uses double extortion. It demands separate sums for a digital key needed to unlock any files and servers, and for a promise to destroy stolen data. Some ransomware attackers encrypt data and seek payment in cryptocurrencies to unlock it.

Toshiba, which has grappled with a series of scandals, said it was setting up a strategic review committee to work on ways to increase corporate value. It had appointed UBS as a financial adviser.

The move comes after CVC Capital’s $20 billion offer to take the conglomerate private but was faced with strong opposition within the company. It must be noted that Toshiba manufactures nuclear power reactors and makes defense equipment, meaning any sale would require the approval of the Japanese government.

Picture Credits: Reuters