Yamaha and WellLife Network confirm cyber incidents after ransomware gang claims attacks

Japanese manufacturer Yamaha Motor and the healthcare organization WellLife Network have confirmed cyberattacks after being added to the leak site of a ransomware gang this week.

Yamaha Motor published a notice on Thursday confirming that a server managed by its motorcycle manufacturing and sales subsidiary in the Philippines had been hit with a ransomware attack discovered on October 25.

The attack leaked the personal information of employees but the company noted that it will take more time before it understands the full extent of the damage.

The incident was reported to Philippine authorities on October 27 and on Thursday, the company confirmed that employee information was leaked.

“At present, servers and systems at YMPH not compromised by this attack have been restored. The attack was limited to one of the servers managed by YMPH and we have confirmed that it has not affected the headquarters or any other companies in the Yamaha Motor group,” the company said in a statement.

“However, we will continue to closely monitor the situation while continuing our work to fully restore the systems at YMPH damaged by the attack as quickly as possible.”

Yamaha Motor did not say which ransomware group attacked them but the INC ransomware gang posted the company to its leak site on Wednesday.

According to researchers at SentinelOne, the ransomware group emerged in July. Like several other extortion gangs, the group has been seen exploiting CVE-2023-3519 — a vulnerability affecting products from Citrix that has been part of a “large-scale exploitation campaign,” according to the Dutch Institute of Vulnerability Disclosure and cybersecurity firm Fox-IT.

SentinelOne noted that it has seen the group target multiple industries including education, government and healthcare.

On Friday, the group added WellLife Network to its list of victims. With an annual operating budget of $100 million, the organization provides a range of services to people with intellectual or developmental disabilities as well as those with mental illness.

On November 6, the organization posted a notice informing patients and employees that their IT team discovered a cyberattack in early September.

“The investigation is ongoing at this time. However, as of this writing, the investigation has determined that between August 26, 2023 and September 7, 2023, an unauthorized actor gained access to certain WellLife systems and may have viewed or taken certain information contained therein,” they said.

The information stolen includes names, dates of birth, demographic information, and other personal or health information.

They are still investigating the incident and plan to contact those affected, as well as state regulators. They did not respond to requests for comment about how many people were affected but in documents filed with the U.S. Department of Health and Human Services’ Office for Civil Rights, they said 501 people were impacted.