Security News > 2021 > May > DarkSide Ransomware Hits Toshiba Tec Group
The DarkSide ransomware threat that triggered the shut down of the Colonial pipeline is growing.
Today Toshiba Tec Corp announced a 'cyberattack on European subsidiaries of the Toshiba Tec Group'.
Reuters has reported separately that DarkSide is responsible for the attack against Toshiba Tec and that it occurred on May 4, 2021.
On May 11, 2021, threat intelligence firm Flashpoint announced with 'moderate confidence' that DarkSide ransomware is a variant of REvil.
Flashpoint "Assesses with moderate confidence that the threat actors behind DarkSide ransomware are of Russian origin and are likely former affiliates of the 'REvil' RaaS group." The effect of operating as RaaS is that any number of different groups can be classified as 'DarkSide' operating simultaneously - and it will be difficult to uncover who actually breached each victim.
The bottom line is that DarkSide seems to have added Toshiba Tec to its list of victims, but that nothing else is yet definitively known.