The logo of Toshiba Corp at the company’s headquarters in Tokyo in a 2017 file photo. A French unit of the company pointed the finger at the DarkSide group for a ransomware attack, though it’s not clear what led to that conclusion. (Toru Hanai/Reuters)
A Toshiba Corp unit said it was hacked by the DarkSide ransomware group, the group widely believed to be behind the recent Colonial Pipeline attack in the U.S.
Toshiba Tec Corp, which makes products such as bar code printers and is located in France, was hacked, but the company said only a minimal amount of work data had been lost.
“There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba,” said Takashi Yoshikawa, a senior malware analyst at Mitsui Bussan Secure Directions.
Employees accessing company computer systems from home during pandemic lockdowns have made firms more vulnerable to cyberattacks, he added.
Screenshots of DarkSide’s post provided by the cybersecurity firm said more than 740 gigabytes of information was compromised and included passports and other personal information.
Reuters could not access DarkSide’s public-facing website on Friday. Security researchers said DarkSide’s multiple websites had stopped being accessible.
Ransomware attacks typically involve the infection of computers with malicious software, often downloaded by clicking on seemingly innocuous links in emails or other website pop-ups. Users are left locked out of their systems, with the demand that a ransom be paid to restore computer functions.
They differ from a data breach or other types of hacking, which may steal large batches of customer data or other information from companies or individuals.
Investigators in the U.S’s Colonial case say the attack software was distributed by DarkSide, which includes Russian speakers and avoids hacking targets in the former Soviet Union. DarkSide lets “affiliates” hack into targets elsewhere, then handles the ransom negotiation and data release.
Irish attack ‘widespread’: minister
Meanwhile, Ireland’s health service operator shut down all its IT systems on Friday to protect them from a “significant” ransomware attack, crippling diagnostic services, disrupting COVID-19 testing and forcing hospitals to cancel many appointments.
“This is not espionage. It was an international attack, but this is just a cyber criminal gang looking for money,” Ossian Smyth, the minister responsible for e-government told the national broadcaster RTE.
Smyth said he was unable to share all the information he had, but did admit it was extensive.
“It is widespread and possibly the most significant cyber crime attack on the Irish state,” he said.
Ireland’s COVID-19 vaccination program was not disrupted as it is on a different system, but the attack was affecting IT systems serving all other local and national health provision, the head of the Health Service Executive (HSE) said.
The HSE shut down the IT systems as a precaution to protect as much information as possible and was assessing how the attack would affect other services, chief executive Paul Reid said.
‘Very sophisticated attack’
Reid said the cyberattack, discovered in the early hours of Friday morning, was a “human-operated ransomware attack where they would seek to get access to data and seek a ransom for it.”
The HSE had not received a ransom demand “at this stage” and was at a very early point in understanding the threat posed by what Reid described as a “very sophisticated attack.”
“This is having a severe impact on our health and social care services today. Individual services and hospital groups are impacted in different ways,” Health Minister Stephen Donnelly said on Twitter.
Reid said the attack was largely affecting information stored on central servers, not hospital equipment, and that emergency services continued to operate.
While scheduled COVID-19 tests will go ahead as planned on Friday, the HSE said its referrals system was down, meaning anyone else requiring a test must attend walk-in sites, which are currently operating in just over half of Ireland’s 26 counties.
At Cork University Hospital, the largest in Ireland’s second city, staff arrived to find IT systems paralyzed, with all computers switched off.
“Our main concern is patient safety and results that might be outstanding, laboratory data that needs to be available to manage patient care today. It’s very distressing for patients,” medical oncologist Seamus O’Reilly told RTE.
Dublin’s National Maternity Hospital said there would be significant disruption to all services on Friday. Another maternity hospital in the capital cancelled all outpatient appointments for the day other than those for women 36 or more weeks pregnant or in need of urgent care.
The state’s child and family agency, Tusla, said its IT systems, including the portal through which child protection referrals are made, are not currently operating.