TechRadar
Sead Fadilpašić

Toyota finance business confirms ransomware attack, data breach


Toyota Financial Services (TFS), a subsidiary of the popular automaker, has confirmed suffering a ransomware attack.

The company's spokesperson gave a short statement to BleepingComputer, in which they stated that Toyota Financial Services Europe & Africa “recently identified unauthorized activity on systems in a limited number of its locations.”

The company only mentioned unauthorized activity on its endpoints and did not say whether any data was stolen. The attackers, on the other hand, claim to have stolen plenty of sensitive information from the firm.


Medusa ransomware

The company took certain systems offline to investigate the attack and reduce the risk of the incident escalating further, the spokesperson continued. “As of now, this incident is limited to Toyota Financial Services Europe & Africa.”

The threat actors behind this incident are known as Medusa Ransomware. The group added Toyota Financial Services (TFS) to its data leak site, claiming to have stolen financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more. A sample of the data was added to the site, as well as a .TXT file with the file tree structure. 

Apparently, many documents are written in German, suggesting that the attackers stole the files from an entity in Germany. The ransom demand is $8 million, and TFS has 10 days to make up its mind. The deadline can also be extended for $10,000 a day. So far, we don't know if TFS is even considering making the payment.

Some researchers also speculated about how Medusa managed to break into Toyota’s network. In his writeup, security analyst Kevin Beaumont said TFS had unpatched Citrix Gateway endpoints in its German offices, prompting speculation that Medusa exploited the CitrixBleed flaw to get in.
