DarkSide’s ransomware attacks Toshiba

In the last two weeks, the DarkSide criminal group and its ransomware attack on Colonial Pipeline Co. have been a hot topic in news headlines.

Just a few days after the saga with the largest U.S. refined products pipeline, Toshiba announced that it has also become a victim of an attack supposedly operated by DarkSide.

According to the available information, the European branch of the tech company was hit by ransomware on the 4th of May. A spokesperson of the company revealed that the attackers demanded money but Toshiba has not paid the ransom.

Details of the ransomware attack reveal that a very limited amount of data has been stolen and no leaks of data have been detected. Toshiba Tec gave assurances that protective measures were put in place immediately after the incident.

Research conducted by Toshiba showed that the attack on the company was limited only to some regions in Europe, but it didn’t confirm whether customer information had been exposed. A screenshot of the extortion message published by Reuters, however, revealed that about 740 gigabytes of data was affected.

Earlier this month, the DarkSide gang paralyzed the operations of the largest U.S. refined products pipeline provider, Colonial Pipeline Co. The incident caused a rapid increase in gas prices and a serious disturbance in supply chain operations.

The criminal organization even extorted around $5 million from the fuel-supply company in exchange for a decryption tool that was supposed to restore access to the encrypted network.

A few days after the incident, a message supposedly published by DarkSide’s spokesperson appeared online stating that the gang had lost control of its criminal servers.

The recent revelation of the attack on Toshiba, however, has raised the question of whether DarkSide’s servers are really down or back online. Some security professionals assume that the post about the seized DarkSide servers might be a fraud, or an exit tactic meant to shift attention.

However, others explain that reports of other attacks performed by DarkSide may still appear in the future despite the fact that the gang’s infrastructure has reportedly been taken down. The logical explanation for this is that affiliates of DarkSide were likely attacking multiple targets simultaneously, and some of those attacks become public only a few days later.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
