DarkSide ransomware group hacks Toshiba Tec

DarkSide ransomware group has hacked Toshiba Tec Corp, which makes products such as bar code printers and is valued at $2.3 billion.
DarkSide is widely believed to be behind the recent Colonial Pipeline attack, Reuters reported.

Toshiba Tec, however, said that only a minimal amount of work data had been lost.

“There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba,” said Takashi Yoshikawa, a senior malware analyst at Mitsui Bussan Secure Directions.

Employees accessing company computer systems from home during pandemic lockdowns have made firms more vulnerable to cyber attacks, he added.

Screenshots of DarkSide’s post provided by the cybersecurity firm said more than 740 gigabytes of information was compromised and included passports and other personal information.

Reuters could not access DarkSide’s public-facing website on Friday. Security researchers said DarkSide’s multiple websites had stopped being accessible.

Ransomware attacks have increased in number and in the amounts demanded, with hackers encrypting data and seeking payment in cryptocurrency to unlock it. They increasingly release stolen data as well, or threaten to unless they are paid more.

Ireland’s health service said on Friday it had shut down its IT systems after what it described as a significant ransomware attack.

Investigators in the U.S. Colonial case say the attack software was distributed by DarkSide, which includes Russian speakers and avoids hacking targets in the former Soviet Union. DarkSide lets “affiliates” hack into targets elsewhere, then handles the ransom negotiation and data release.

Meanwhile, several ransomware groups have claimed that they were shutting down or scaling back operations, Reuters reported.

DarkSide, the Russian-speaking gang blamed by the FBI for a hacking attack that led to a six-day fuel pipeline shutdown, said it was going out of business after losing access to some of its servers.

Another major criminal gang said it would forbid encryption attacks on critical infrastructure, and forums where such gangs recruit partners said they were banning ads related to ransomware, analysts said.

U.S. President Joe Biden warned the gangs and major host country Russia about consequences for a ransomware attack that prompted Colonial Pipeline to shut down the main supply line to the East Coast. That line was resuming full operation, but many pumps remain empty at stations in some states after days of panic buying.

Investigators said DarkSide provided the encryption software that a criminal affiliate used to render Colonial’s internal files inaccessible. It planned to split any ransom to recover that data with the affiliate, who the investigators have identified as another Russian criminal.