Toshiba Tec Corp, a unit of Toshiba Corp, which makes point-of-sale systems and copiers, said it was hit by a ransomware attack during the night of May 4.
The company said that only a minimal amount of work data was lost during the attack and that the threat actor behind it was DarkSide, the group responsible for the Colonial Pipeline attack.
Citing the cybersecurity firm Mitsui Bussan Secure Directions, Japan’s public broadcaster NHK reported that the group posted a statement on its dark web site claiming the responsibility.
The hackers claim to have stolen over 740 gigabytes of data, including information on management, new businesses and personal data, NHK said.
Security researchers said DarkSide's multiple websites had stopped being accessible.
Telegram channel Russia OSINT reported Friday that the DarkSide ransomware group has lost access to their public infrastructure, namely to their blog, payment service and the CDN servers, and that the gang’s servers have been seized. The gang has announced it will delete all their ransomware topics from cybercrime forums and go into private.
It was also said that shortly after the servers were seized funds belonging to the hackers and their clients were transferred from the gang’s payment server to an unknown address.
The group also introduced the new restrictions forbidding their affiliates to attack organizations “in the social sector (healthcare, education) and the government sector in any country.”