A Toshiba business unit said it was hacked earlier this month by the DarkSide criminal group, the same gang responsible for the attack on Colonial Pipeline, which caused widespread gas shortages and panic buying across the Southeast.
Toshiba Tec said in a statement that its European subsidiaries were hit by the cyberattack and the company’s probing the extent of the impact.
It said “it is possible that some information and data may have been leaked by the criminal gang,” but it hasn’t confirmed that customer-related information was leaked.
A company spokesperson confirmed to Reuters that the attack appears to have been carried out by the Russia-based criminal gang DarkSide. A spokesperson confirmed to CNBC that the attack took place on May 4.
The hackers requested ransom, but the company did not pay, the outlet reported. Colonial Pipeline, in contrast, reportedly forked over a ransom of nearly $5 million within hours of last week’s attack.
That attack, which spurred gas shortages and panic buying at US stations across the Southeast, likely got DarkSide more attention than it’d been hoping for, with President Biden vowing to go after the gang.
“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks,” Biden said Thursday at a press conference. White House officials said there’s evidence that the gang is operating at least partly in Russia.
“We are also going to pursue a measure to disrupt their ability to operate,” he added.
On Thursday evening, the criminal group released a statement saying it has lost control of its web servers and some of the money it’s made off ransom payments.
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers,” read a post on the dark web by user Darksupp, the operator of DarkSide, according to The Record.
The announcement was posted on cybercrime chatboard Exploit Forum, according to Recorded Future threat intelligence analyst Dmitry Smilyanets.
It remains unclear if the announcement is a ruse for the group to escape attention or avoid paying its partners. Cybersecurity analysts warned that anything posted by DarkSide operators should be taken with a grain of salt.
With Post wires