Toshiba unit struck by DarkSide ransomware group | ZDNet


A Toshiba unit has become the latest victim of a DarkSide ransomware attack. 

On Friday, Toshiba Tec Corp said it was struck by a cyberattack that has impacted some regions in Europe. 

Toshiba Tec Corp manufactures products including barcode scanners, Point-of-Sale (PoS) systems, printers, and other electrical equipment. The unit’s French subsidiary appears to have been targeted.


After discovering the attack, Toshiba Tec shut down networks between Japan, Europe, and its subsidiaries to “prevent the spread of damage” while recovery protocols and data backups were implemented.

The company says that an investigation has been launched into the extent of the damage and a third-party cyberforensics specialist has been pulled in to assist. 

“We have not yet confirmed that customer-related information was leaked externally,” Toshiba’s unit says.


However, the company did acknowledge that “it is possible that some information and data may have been leaked by [a] criminal gang.”

This group is DarkSide, cybercriminals that hit the headlines this week following the Colonial Pipeline cyberattack.

DarkSide is a ransomware-as-a-service (RaaS) outfit that provides ransomware to affiliates within its network in return for a cut of any profits made by extorting victim organizations. 


DarkSide affiliates employ a double-extortion tactic, in which companies first receive a demand for payment in return for a decryption key to unlock systems infected with DarkSide ransomware. If they refuse, they are then threatened with the public release of confidential data and records stolen during initial access on a leak site. 

At the time of writing, DarkSide’s leak site is not accessible. The Toshiba subsidiary said that only a “minimal amount of work data had been lost,” reports Reuters.

However, a cached version of the leak post, accessed by ZDNet via Kela’s Darkbeast search engine, appears to show stolen passport scans alongside project documents and work presentations. 


The leak record, posted May 13, claims that over 740GB of data was stolen from Toshiba. 

The ransomware operators are responsible for the attack on Colonial Pipeline last Friday. Colonial Pipeline, a company that provides roughly 45% of East Coast fuel supplies, was forced to close down its operations for close to a week following the encryption of its IT systems. 

The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert and advisory on DarkSide and broader RaaS criminal operations. 


Read on: Colonial Pipeline attack: Everything you need to know

ZDNet has reached out to Toshiba Tec Corp and we will update when we hear back. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 


 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment