Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information. "One of the servers managed by [.] motorcycle manufacturing and sales subsidiary in the Philippines, Yamaha Motor Philippines, Inc., was accessed without authorization by a third party and hit by a ransomware attack, and a partial leakage of employees' personal information stored by the company was confirmed," Yamaha said. "YMPH and the IT Center at Yamaha Motor headquarters established a countermeasures team and have been working to prevent further damage while investigating the scope of the impact, etc., and working on a recovery together with input from an external internet security company." Yamaha said the threat actors breached a single server at Yamaha Motor Philippines and that their attack didn't impact the headquarters or any other subsidiaries within the Yamaha Motor group. The company also reported the incident to relevant Philippine authorities and is currently working on assessing the full extent of the attack's impact. A Yamaha Motor spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today. While the company has yet to attribute the attack to a specific operation, the INC RANSOM gang has claimed the attack and leaked what they claim is data stolen from Yamaha Motor Philippines' network. The threat actors added the company to its dark web leak site on Wednesday, November 15, and has since published multiple file archives with roughly 37GB of allegedly stolen data containing employee ID info, backup files, and corporate and sales information, among others. INC RANSOM surfaced in August 2023 and has targeted organizations spanning various sectors such as healthcare, education, and government in double extortion attacks. INC RANSOM has added 30 victims to its leak website. The number of breached organizations is likely bigger, as only those declining to pay the ransom face public disclosure and subsequent data leaks. They move laterally through the network, first harvesting and downloading sensitive files for ransom leverage and then deploying ransomware payloads to encrypt compromised systems. Victims are issued a 72-hour ultimatum to engage with the threat actors for negotiations, under threat of the ransomware gang publicly disclosing all pilfered data on their leak blog. Those complying with the ransom demand also receive assurances that they'll be helped decrypt their files. The attackers pledge to provide details regarding the initial attack method, guidance on securing their networks, evidence of data destruction, and a "Guarantee" that they won't be attacked again by INC RANSOM operators. Kyocera AVX says ransomware attack impacted 39,000 individuals. TransForm says ransomware data breach affects 267,000 patients. Seiko says ransomware attack exposed sensitive customer data. MGM Resorts ransomware attack led to $100 million loss, data theft. Sony confirms data breach impacting thousands in the U.S..
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000