Toyota financial services hack claimed by Medusa Ransomware

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.

Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers.

The Medusa ransomware gang listed TFS to its data leak site on the dark web, demanding a payment of $8,000,000 to delete data allegedly stolen from them.

The threat actors gave Toyota 10 days to respond, with the option to extend the deadline for $10,000 per day.

While Toyota Finance did not confirm if data was stolen in the attack, the threat actors claim to have exfiltrated files and threaten to leak the data if a ransom is not paid.

The hackers also published sample data that includes financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more.

Medusa also provides a .TXT file with the file tree structure of all the data they claim to have stolen from Toyota’s systems.

Most of the documents are in German, indicating that the hackers managed to access systems serving Toyota’s operations in Central Europe.

According to a company spokesperson, Toyota Financial Services Europe & Africa recently identified unauthorized activity on systems in a limited number of its locations. They have taken certain systems offline to investigate this activity and to reduce risk and have involved law enforcement.

As of now, this incident is limited to Toyota Financial Services Europe and Africa.

The Medusa ransomware gang which began operating around the end of 2022 has been consistently active and is believed to be operating under the Ransomware-as-a-Service (RaaS) model.

The post Toyota financial services hack claimed by Medusa Ransomware first appeared on Cybersafe News.

CyberNews RansomWare