Posted on May 17, 2021 at 2:29 PM
A Toshiba enterprise unit revealed that its servers were recently attacked by the DarkSide ransomware group. This makes it the third ransomware attack within the past few days, with two of them executed by the DarkSide group.
The other entities targeted include the Irish healthcare system Health Service Executive and US gas pipelines company Colonial.
A senior malware analyst at Mitsui Bussan Safe Instructions, Takashi Yoshikawa, stated that there are about 30 teams in DarkSide. He added that the teams are always devising means to hack companies on a regular basis. “They succeeded this time with Toshiba,” he stated.
Yoshikawa also mentioned that many companies have been made weak as a result of workers who are accessing company files from remote areas due to the lockdown.
About 740 Gigabytes of data compromised
According to the screenshots put up by DarkSide, there were more than 740 gigabytes of compromised data, which includes passports and different private info.
The number of ransomware attacks has increased in recent times, as threat actors take advantage of the loopholes within the Covid-19 era. Some are encrypting data and demanding ransom payments in crypto assets to unlock it.
After the ransomware attack on the Health Service Executive, the institution shut down its IT programs to prevent further cyber assault on its servers.
DarkSide group avoids attacks on firms in former Soviet Union
According to the cybersecurity experts investigating the U.S. Colonial case, the DarkSide threat actors include Russian speakers and they do not attack organizations in the former Soviet Union.
The security experts also added that the group takes care of the ransom negotiation after its affiliates have carried out the attacks.
Toshiba dismissed a $20 billion take-private bid from CV capital earlier this year. Subsequently, shareholders are asking Toshiba to seek offers from potential suitors. In response, the company’s executives say they are organizing a strategic review committee, with UBS appointed as its financial advisor.
The review will be carried out by independent director with a view to helping the board set up a new business plan before the end of the year. Toshiba said only a small amount of non-critical data was lost in the attack.
Ransom paid for attack on Colonial Pipeline
Colonial Pipeline reportedly paid the DarkSide ransomware group $5 million to decrypt locked systems that had affected the operational activities of the fuel giant for a week.
The pipeline says it’s now fully back in business after the files were decrypted, but there’s no denying the fact that its reputation has been severely affected.
The DarkSide group offers a ransomware variant to affiliates who sign up with them. Whatever profit the affiliated group makes, DarkSide retains a percentage of it. The affiliates can also utilize double-extortion tactics, where corporate files are stolen during an attack.
Any company that refuses to meet their ransom demands will eventually be threatened with the exposure of the stolen files to the public.
The attack on Toshiba began last week, as reported by Bloomberg. However, it’s unclear whether the company has responded to the hackers’ ransomware demands.
According to FireEye researchers, the DarkSide developers take a profit of 10% for ransom payments over $5 million, and 25% for payments below $500,000.
Toshiba shuts down networks temporarily
Toshiba manufactures products such as printers, Point-of-Sale (PoS) systems, and other electrical equipment. However, it appears it’s the company’s French subsidiary that was targeted in the attack.
After the attack, Toshiba Tec shut down its networks between Europe and Japan, as well as its subsidiaries, to “prevent the spread of the damage.”
In the other ransomware attack on Ireland’s healthcare, no group has come out to claim responsibility yet. However, it is believed that the attack tool used involved the “Conti-human-operated ransomware.”
Prime Minister Micheál Martin stated that the health center will not pay any ransom for the encrypted data. “We are very clear we will not be paying any ransom,” he stated.
Rate of ransomware payments has increased in recent times
The Q1 2021 Ransomware Report issued by Coveware showed that the numbers of ransom payments to threat actors have increased in recent times. The report showed that the average ransom payment increased by 43% from $154,000 in Q4 2020 to $220,000 in Q1 2021. The data also indicated that the theft of corporate data amongst threat actors is increasing.