Toyota confirms breach after Medusa ransomware threatens to leak data

November 16, 2023 at 02:04PM

Toyota Financial Services (TFS) has confirmed unauthorized access to some of its systems in Europe and Africa following an attack by the Medusa ransomware gang. The attackers are demanding an $8 million ransom and have threatened to leak the data they claim to have stolen if it is not paid. TFS has taken affected systems offline and is working with law enforcement to investigate the incident. TFS has not confirmed the initial access vector, but an internet-exposed Citrix Gateway endpoint left unpatched against the Citrix Bleed vulnerability is the suspected entry point.

Key takeaways from the article are as follows:

1. Toyota Financial Services (TFS) has experienced unauthorized access on some of its systems in Europe and Africa due to an attack by the Medusa ransomware gang.
2. The ransomware attackers have demanded a payment of $8 million from Toyota in exchange for deleting the allegedly stolen data.
3. The attackers have given Toyota a 10-day deadline to respond, with the option of extending the deadline for $10,000 per day.
4. Although TFS has not confirmed if data was stolen, the threat actors claim to have exfiltrated files and threaten to leak the data if the ransom is not paid.
5. The hackers have published sample data, including financial documents, passwords, agreements, passport scans, and more, to prove their intrusion.
6. Most of the documents are in German, indicating that the hackers gained access to systems serving Toyota’s operations in Central Europe.
7. Toyota Financial Services Europe & Africa has already taken certain systems offline, initiated an investigation, and started working with law enforcement.
8. The process of bringing systems back online is already underway in most countries.
9. Security researcher Kevin Beaumont pointed out that TFS's German office had an internet-exposed Citrix Gateway endpoint that had not been updated since August 2023, leaving it vulnerable to the critical Citrix Bleed information-disclosure flaw (CVE-2023-4966), which leaks session tokens from unpatched NetScaler ADC and Gateway appliances.
10. Other ransomware groups may also be exploiting Citrix Bleed: several thousand NetScaler endpoints remain exposed to the internet, giving attackers a large attack surface.
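The "not updated since August 2023" detail in item 9 is something a defender can triage across their own estate before an attacker does. The script below is an added example, not code from the article or from Toyota, Citrix or Kevin Beaumont. It applies a common fingerprinting heuristic: the Last-Modified header a NetScaler Gateway returns for its login page (/vpn/index.html) is treated as an estimate of the firmware build date, and any host whose build predates 10 October 2023, the day Citrix published fixed builds for CVE-2023-4966, is flagged. The hostnames and response headers are constructed sample data; the heuristic is indicative rather than proof of patch status, and the running version should be confirmed on the appliance itself.

```python
"""Triage NetScaler Gateway endpoints by the Last-Modified header of the
login page, a heuristic for the firmware build date.

Added example, not from the article. The sample responses are constructed;
replace them with real headers captured from your own inventory.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Day Citrix published fixed builds for CVE-2023-4966 (Citrix Bleed).
# Login-page artefacts built before this date cannot contain the fix.
CITRIX_BLEED_FIX_DATE = datetime(2023, 10, 10, tzinfo=timezone.utc)

# Constructed sample data: hostname -> raw headers from GET /vpn/index.html.
# The first entry mirrors the article's "unpatched since August 2023" case.
SAMPLE_RESPONSES = {
    "gw-de.example.invalid": (
        "HTTP/1.1 200 OK\r\n"
        "Last-Modified: Tue, 15 Aug 2023 09:12:44 GMT\r\n"
        "Content-Type: text/html\r\n"
    ),
    "gw-fr.example.invalid": (
        "HTTP/1.1 200 OK\r\n"
        "Last-Modified: Thu, 02 Nov 2023 17:30:01 GMT\r\n"
        "Content-Type: text/html\r\n"
    ),
    # No Last-Modified at all (e.g. a load balancer stripped it).
    "gw-it.example.invalid": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
    ),
    # Malformed date: must not crash the sweep, just report unknown.
    "gw-es.example.invalid": (
        "HTTP/1.1 200 OK\r\n"
        "Last-Modified: sometime-last-year\r\n"
    ),
}


def parse_headers(raw):
    """Turn a raw HTTP response head into a dict of lower-cased header names."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def build_date(raw):
    """Estimated build date from Last-Modified, or None if absent/unparseable."""
    value = parse_headers(raw).get("last-modified")
    if not value:
        return None
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if parsed is None:
        return None
    if parsed.tzinfo is None:  # "-0000" yields a naive datetime; treat as UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


def classify(raw, fix_date=CITRIX_BLEED_FIX_DATE):
    """'unpatched-likely', 'patched-likely' or 'unknown' for one response."""
    date = build_date(raw)
    if date is None:
        return "unknown"
    return "unpatched-likely" if date < fix_date else "patched-likely"


def triage(responses, fix_date=CITRIX_BLEED_FIX_DATE):
    """Classify every host; hosts needing attention sort first."""
    order = {"unpatched-likely": 0, "unknown": 1, "patched-likely": 2}
    results = {host: classify(raw, fix_date) for host, raw in responses.items()}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_RESPONSES).items():
        print(f"{verdict:17} {host}")
```

"unknown" hosts deserve a manual look rather than a pass: an intermediary that strips Last-Modified hides the build date but does nothing to the appliance behind it, and a "patched-likely" verdict still does not rule out sessions that were stolen before the patch was applied, which the fix alone does not invalidate.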