Yamaha Motor reports ransomware attack on Philippines subsidiary
Yamaha Motor's motorcycle production arm in the Philippines suffered a cyberattack by ransomware last month, which compromised and disclosed certain personal details of its employees. After detecting the incident on October 25, the company has engaged cybersecurity specialists to investigate.
A response team comprising YMPH and Yamaha Motor's IT Center has been actively working on mitigation, impact assessment, and recovery efforts, in collaboration with an external internet security firm. The attack was isolated to one server at the Philippine subsidiary and did not affect Yamaha Motor's main operations or other group subsidiaries.
Update - Yamaha Motor Philippines has confirmed a data breach of a server which handles the company’s motorcycle production and sales within the nation. The attackers launched a ransomware attack resulting in the confirmed exfiltration of a portion of the stored employee personal data.
Yamaha Motor did not provide details on the exposed data or the number of affected individuals.
The attack has been claimed by the INC Ransom gang. The gang typically infiltrates networks via spearphishing or exploiting vulnerabilities, as seen with the Citrix NetScaler CVE-2023-3519.
Once inside, they exfiltrate sensitive data before deploying ransomware. They give victims 72 hours to start negotiations, threatening data disclosure otherwise.