Another victim of the infamous DarkSide ransomware gang has emerged online as Toshiba discloses a cyber attack. Ironically, the ransomware gang has also started facing problems itself as it admits losing control of its servers.
Toshiba Suffered Ransomware Attack
Through a recent security notice, the Japanese conglomerate Toshiba confirmed a cyber attack on its European subsidiary Toshiba Tec Corporation.
As revealed, the firm suffered the incident recently, during which, it believes that the attackers had possibly accessed some data. Though, as Toshiba continues with the investigations, it hasn’t revealed more details about the attack and the data breached.
As far as the investigation result shows, the group recognizes that it is possible that some information and data may have been leaked by the criminal gang, we will continue to conduct further investigation in cooperation with external specialized organization to grasp the details.
However, they have assured for now that the attack remained confined to the European subsidiary only. That’s because they quickly stopped the networks between Japan and Europe and other systems to prevent the spread.
Whereas, Reuters has reported that Toshiba has fallen prey to the Darkside ransomware attack.
DarkSide Lands In Hot Water
Even before Toshiba disclosed it, the DarkSide ransomware gang had reportedly put up the firm’s name on its dark web leak site around a week ago.
However, the ransomware gang’s site now remains inaccessible as the gang caught the attention following the Colonial Pipeline fiasco.
According to The Record, DarkSide has recently admitted to having lost control of its servers including the payment servers. That hints that the threat actors have potentially lost control of their ransomware infrastructure as well as all the extortion money.
Besides, Intel471 has shared the full message posted by the DarkSide gang in their post. It reads (as translated from Russian to English),
A couple of hours ago, we lost access to the public part of our infrastructure, in particular to the
-blog
-payment server
-CDN servers
At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked.
The threat actors also confirmed to release decryption keys for all victims as they plan to shut down following US pressure.
In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck.
The landing page, servers, and other resources will be taken down within 48 hours.
Though, Dmitry Smilyanets suspects it to be an exit scam as well.
yeah. I wonder if they decrypted the most recent (non-public) victims before they left.
— ?????? ?????????? (@ddd1ms) May 14, 2021
Recently, the Babuk Locker ransomware gang also made a similar announcement following the attack on their last “goal” – the Washington DC Police.
Let us know your thoughts in the comments.
1 comment
Excellent post, many thanks for this valuable information!
Comments are closed.