INC Ransom gang lists Yamaha Motor and WellLife Network as the victim

Japanese motorcycle manufacturer Yamaha Motor and the American healthcare organization WellLife Network have confirmed cyberattacks on their networks following the publication of their data on a leak site operated by a hacker group utilizing ransomware.

On November 16, Yamaha Motor reported that a server managed by its Philippine subsidiary, engaged in motorcycle manufacturing and sales, fell prey to a ransomware attack at the end of last month, resulting in the exposure of employee personal information.

The company noted that further time is required to assess the full extent of the damage. The incident was reported to Philippine authorities on October 27, and last Thursday, the firm confirmed the data breach involving employee information.

Yamaha Motor’s statement clarified that the attack impacted merely one of its servers and did not affect the central office or other Yamaha Motor group companies. Nevertheless, technical experts are vigilantly monitoring the situation with heightened vigilance.

The INC Ransom gang which deployed the ransomware, posted information about Yamaha Motor on its leak site on Wednesday, November 15. According to SentinelOne researchers, the group, which emerged in July, primarily exploited the CVE-2023-3519 vulnerability in Citrix products.

Meanwhile, WellLife Network, a company with an annual budget of $100 million providing a broad range of services to people with intellectual disabilities and mental illnesses, was added to the victim list of the INC Ransom gang slightly later, on Friday, November 17, although the company publicly reported the incident on November 6. However, the attack itself occurred at the end of August.

The attack on WellLife potentially compromised names, birth dates, demographic information, and other personal or medical data of clients. An investigation is currently underway. Documents filed with the U.S. Department of Health and Human Services’ Office for Civil Rights indicate that the confidentiality of over 500 individuals was breached due to the attack.

Both incidents underscore the vulnerability of even large companies to hacker activity and emphasize the necessity of implementing comprehensive security measures using advanced protective technologies to avoid becoming the next target of cunning malefactors.