
Toshiba Cyberattack: DarkSide Ransomware Hits Hardware Unit


DarkSide ransomware has attacked Toshiba Tec France Imaging Systems, a subsidiary of Toshiba that sells point-of-sale (POS) hardware and multi-function printers (MFPs).

Toshiba Tec services customers in the retail distribution, restaurant, logistics and manufacturing industries, and all members of the supply chain, including offices, warehouses, and factories, according to the business unit's website.

The cyberattack comes at an especially sensitive time, considering parent Toshiba's board is under pressure from investors to either improve overall performance or perhaps sell the company.

Toshiba Tec France disclosed the cyberattack in a statement, though the business unit did not mention the dates or specific extent of the attack. Moreover, Toshiba did not mention the specific malware involved -- though the DarkSide ransomware group is believed to be involved, Reuters reports.

The DarkSide ransomware gang was also blamed for the Colonial Pipeline malware attack. The May 2021 pipeline attack squeezed gasoline and jet fuel supplies in certain U.S. regions stretching from Texas to New Jersey. Colonial Pipeline allegedly paid the DarkSide hackers $5 million for decryption keys in a bid to recover from the attack.

Toshiba Tec Group: Complete Cyberattack Statement

Meanwhile, few details about the Toshiba attack have been disclosed. The complete Toshiba Tec Group statement, issued May 14, 2021, reads as follows:

"It was confirmed that Toshiba Tec France Imaging Systems S.A., a European subsidiary of the Toshiba Tec Group companies, suffered from the damage of cyber attack (“the damage”).

After discovering the damage, the Toshiba Tec Group (“the group”) immediately reported to the authorities concerned in Europe. The group also took actions to stop the networks and systems operating between Japan and Europe as well as those operating among European subsidiaries with the aim of preventing the spread of damage while deploying recovery measures sequentially once effective data backup has been completed. In addition, the group is proceeding to identify the content and extent of the possible damage through conducting investigations by the outside specialized organization.

According to the investigation, the extent of impact has been limited to some regions in Europe and we have not yet confirmed a fact that customer related information was leaked externally.

As far as the investigation result shows, the group recognizes that it is possible that some information and data may have been leaked by the criminal gang, we will continue to conduct further investigation in cooperation with external specialized organization to grasp the details.

Although the group has been steadily implementing information security measures, the group will further enhance security measures to ensure protecting the information of our customers and employees. Going forward, the group is determined to resolve the problem by closely cooperating with the relevant authorities in Europe."

How MSSPs Can Mitigate DarkSide Ransomware Threat

MSSPs (managed security services providers) seeking to mitigate potential DarkSide ransomware threats for customers should see the joint CISA-FBI Cybersecurity Advisory about the malware, which surfaced May 11, 2021.

MSSPs working with the U.S. federal government should also read President Biden's executive order on cybersecurity -- which includes specific cyber requirements and deadlines for IT service providers. Biden issued the order on May 12, 2021.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.