Imagine walking into work one morning, only to find that your company’s computer systems have been locked down and your sensitive data has been stolen. This nightmare scenario is becoming all too real for businesses around the world, including Yamaha Motor’s Philippines motorcycle manufacturing subsidiary. Last month, Yamaha fell victim to a ransomware attack, leading to the unauthorized theft and leak of some employees’ personal information.
Since the breach was first detected on October 25, Yamaha has been working tirelessly with external security experts to investigate the incident. The company confirmed that one of its servers in the Philippines was accessed without authorization and hit by a ransomware attack, resulting in a partial leakage of employees’ personal information.
Thankfully, Yamaha is taking this issue seriously, and the company has established a countermeasures team to prevent further damage. They have been working around the clock to investigate the scope of the impact and recover from the attack, with help from an external internet security company.
Now, you might be wondering if this attack has affected Yamaha’s headquarters or other subsidiaries. Well, Yamaha has stated that only a single server at Yamaha Motor Philippines was breached, and the attack has not impacted any other parts of the Yamaha Motor group.
Who’s behind the attack?
While Yamaha has yet to point fingers at a specific culprit, the INC Ransom gang has taken credit for the attack. They claim to have stolen data from Yamaha Motor Philippines’ network and have leaked it on their dark web site. So far, they have published roughly 37GB of allegedly stolen data, including employee ID information, backup files, and corporate and sales information.
The INC Ransom gang has been active since August 2023 and has targeted various organizations, including those in healthcare, education, and government sectors. They use a double extortion method, where they not only encrypt the victim’s data but also threaten to leak it if the ransom is not paid.
So, how do they gain access to their targets’ networks? They use spearphishing emails and have also been observed exploiting vulnerabilities like the Citrix NetScaler CVE-2023-3519, according to SentinelOne.
What can you do to protect your business?
At ZZ Servers, we understand the importance of keeping your business safe from cyber threats. Our team of experts can help you assess your current security measures and implement the necessary protections to keep your data secure.
Don’t wait until it’s too late. Contact us today to learn how ZZ Servers can assist you in safeguarding your business against ransomware attacks and other cybersecurity threats.