Yamaha Motor’s subsidiary in the Philippines, Yamaha Motor Philippines, Inc. (YMPH), fell victim to a ransomware attack, leading to unauthorized access and subsequent data theft involving certain employees’ personal information. The breach was detected on October 25, prompting an investigation assisted by external security experts.
According to Yamaha, the breach affected a specific server managed by YMPH, causing a partial leakage of employees’ personal data stored within the company’s systems. A dedicated response team, in collaboration with Yamaha Motor headquarters’ IT Center and external cybersecurity experts, has been actively mitigating the incident and assessing the impact while implementing recovery measures.
Yamaha clarified that the breach solely targeted YMPH’s server and did not impact the headquarters or any other subsidiaries within the Yamaha Motor group. The company promptly reported the incident to relevant authorities in the Philippines and continues to evaluate the full extent of the attack’s consequences.
Despite no immediate comment from Yamaha, the attack has been linked to the INC Ransom gang, which has claimed responsibility and allegedly leaked approximately 37GB of stolen data, including employee ID information, backups, corporate, and sales data.
INC Ransom, active since August 2023, engages in double extortion attacks across sectors like healthcare, education, and government. Employing tactics such as spearphishing emails and exploiting vulnerabilities like Citrix NetScaler CVE-2023-3519, the group gains network access, exfiltrates sensitive files for ransom leverage, and deploys ransomware to encrypt compromised systems.
Upon infiltration, the gang issues a 72-hour ultimatum for negotiations, threatening public disclosure of stolen data if ransom demands are not met. Those complying with the demands are promised assistance in decrypting files, insights into the attack method, guidance for securing networks, and assurances against future attacks by INC Ransom operators.