The Medusa ransomware gang allegedly took data from Toyota Financial Services. The group offered the business ten days to provide the $8 million ransom.
Toyota Financial Services (TFS) has confirmed that it identified unauthorized activity on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.
Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.
The Medusa ransomware gang allegedly took data from Toyota Financial Services. The group offered the business ten days to provide the $8 million ransom.
Medusa ransomware is believed to be operating under the Ransomware-as-a-Service (RaaS) model, where threat actors with limited technical skill use malware devised by sophisticated developers. Affiliates later share ransom money with the developers.
Despite being a relatively new threat actor, the Medusa ransomware gang has already established a reputation for using aggressive tactics. The team has aimed at numerous establishments, including businesses, governmental bodies, and medical service providers.
While Toyota Finance did not confirm if data was stolen in the attack, the threat actors claim to have exfiltrated files and are threatened with a data leak if a ransom is not paid.
To prove the intrusion, the hackers published sample data that includes financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more. Medusa also provides a . TXT file with the file tree structure of all the data they claim to have stolen from Toyota’s systems.
Most of the documents are in German, indicating that the hackers managed to access systems serving Toyota’s operations in Central Europe.
The Medusa ransomware gang began operating around the end of 2022 and has been consistently active. According to Ransomlooker, a Cybernews ransomware monitoring tool, Medusa has attacked at least 119 organizations over the past 12 months.
Want your digital assets to be protected?
CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organization against all kinds of cyber threats.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?