therecord.media
2606:4700::6812:1c78  Public Scan

URL: https://therecord.media/yamaha-confirms-cyberattack-after-multiple-ransomware-gangs-claim
Submission: On July 25 via api from TR — Scanned from DE

Text Content

Image: Keller Chewning
Jonathan Greig, July 24th, 2023
YAMAHA CONFIRMS CYBERATTACK AFTER MULTIPLE RANSOMWARE GANGS CLAIM ATTACKS

Yamaha’s Canadian music division confirmed that it recently dealt with a
cyberattack after two different ransomware groups claimed to have attacked the
company.

The Yamaha Corporation — different from the spun-off motorcycle division — is a
Japanese manufacturing giant producing musical instruments and audio equipment.
It is considered the world’s largest producer of musical equipment.

In a statement last Thursday, Yamaha Canada Music said it “recently encountered
a cyberattack that led to unauthorized access and data theft.”

“In response, we swiftly implemented measures to contain the attack and
collaborated with external specialists and our IT team to prevent significant
damage or malware infiltration into our network,” the company said.

“Yamaha Canada has been notifying affected individuals, and we are offering
credit monitoring services to those at risk of potential harm. Additionally, we
have taken decisive actions to reinforce our network defenses and ensure
enhanced security measures moving forward.”

The company added that its primary focus right now is to “mitigate any adverse
consequences stemming from this criminal act.”

Representatives did not respond to requests for comment about whether the
incident involved ransomware, but the company is the latest example of a growing
cybersecurity trend drawing alarm among experts.

On June 14, the company was posted on the Black Byte ransomware gang’s list of
victims, according to cybersecurity expert Dominic Alvieri. But on Friday,
Yamaha appeared on the leak site of the Akira ransomware group.

Alvieri said it is becoming increasingly common for victim organizations to be
posted by two different ransomware groups. He noted that at least one
organization this year was posted by three different groups.

“It is a major trend this year,” he said. “There is way more double posting
going on.”

There have been several high-profile double postings this year, including the
city of Oakland, which appeared on the leak sites of the Play and LockBit
ransomware gangs.

Seasoned ransomware experts did not have a clear answer on why victims are
showing up on multiple leak sites, floating several theories that may be driving
the trend.

Recorded Future ransomware researcher Allan Liska said double postings do appear
to be happening more often.

“I think it is affiliates working for two different groups, trying to bring more
attention to their victims. It is a win for the affiliate and the ransomware as
a service group because it brings more attention to the victim, better for
coercing ransom payments and it gives the ransomware-as-a-service group more
‘clout,’” he said.

“It would be interesting to see how the payment structure on these listings
works. Like do all three parties split the ransom or only the RaaS group that the
victim pays through plus the affiliate?”

Other experts wondered whether cybercrime gangs are simply operating multiple
ransomware “brands” and moving between each.

“A third option is operations collaborating and sharing data on multiple sites
to maximize their reach,” said Emsisoft threat analyst Brett Callow. “Without
more information, it’s impossible to say what’s happening.”

BlackByte initially emerged in September 2021 with a poorly coded ransomware,
according to experts. The cybersecurity firm Trustwave found a weakness in it
and used it to create a free decrypter.

But the group created a second version of the ransomware, which solved the bugs
found by Trustwave, and has been able to launch several attacks since.

The FBI released a security alert about BlackByte just one day before the group
drew global headlines for an attack on the San Francisco 49ers on the same day
as the Super Bowl.

The Akira ransomware group, meanwhile, was first identified in March 2023 before
taking credit for several high-profile incidents — including attacks on the
government of Nassau Bay in Texas, Bluefield University, a state-owned bank in
South Africa and major forex broker London Capital Group.

Researchers noted that the Akira ransomware bears several similarities to the
Conti ransomware, which they said “may indicate that the malware authors were at
least inspired by the leaked Conti sources.”

Tags
 * Akira
 * BlackByte
 * Ransomware


JONATHAN GREIG



Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has
worked across the globe as a journalist since 2014. Before moving back to New
York City, he worked for news outlets in South Africa, Jordan and Cambodia. He
previously covered cybersecurity at ZDNet and TechRepublic.


© Copyright 2023 | The Record from Recorded Future News