Yamaha Canada Music, a division of the globally recognized Japanese manufacturing colossus, Yamaha Corporation, has acknowledged a recent cyberattack. The confirmation follows claims of cyber incursions by two separate ransomware gangs.
Yamaha Corporation, distinct from its motorcycle division, stands as the largest global producer of musical instruments and audio equipment. In a public statement released last Thursday, Yamaha Canada Music disclosed that it had been subjected to a cyberattack resulting in unauthorized access and data theft.
The company swiftly initiated measures to contain the breach, joining forces with external cybersecurity experts and their in-house IT team. “We promptly took steps to control the situation and engaged external specialists alongside our IT team, averting substantial damage and malware penetration into our network,” said a representative of Yamaha Canada Music.
Affected individuals have been informed, with the company offering credit monitoring services to those potentially impacted. The company emphasized its decisive action to bolster its network defenses and pledged enhanced security measures in the future. “Our prime concern at present is to minimize any adverse effects arising from this unlawful activity,” the company stated.
The exact nature of the cyberattack, notably if ransomware was involved, remains unclear. However, the incident aligns with a worrisome trend in cyberattacks that is raising concerns among experts.
On June 14, Yamaha Canada Music was listed on the Black Byte ransomware gang’s victims list, as noted by cybersecurity expert Dominic Alvieri. Interestingly, Yamaha’s name was seen on the Akira ransomware group’s leak site on Friday.
Alvieri highlighted an escalating trend where an organization is posted by more than one ransomware group. In an alarming instance this year, an entity was posted by three distinct groups. Double postings, Alvieri says, have become a major trend this year.
Several high-profile double postings have occurred this year, including Oakland city, which featured on the leak sites of the Play and LockBit ransomware gangs. The reasons behind multiple postings are a topic of speculation among experts.
Allan Liska, a ransomware researcher at Recorded Future, noted that affiliates working for different groups might be attempting to spotlight their victims more prominently. This could put pressure on the victim for ransom payments and bolster the reputation of the ransomware-as-a-service (RaaS) groups.
Several theories suggest that cybercrime gangs could be operating multiple ransomware ‘brands’, while others propose collaborative operations sharing data on several sites to expand their reach.
BlackByte and Akira ransomware gangs, involved in the Yamaha attack, have been active and noteworthy since their respective inception. BlackByte, which began operations in September 2021, had early vulnerabilities exploited by cybersecurity firm Trustwave to develop a free decrypter. However, the group rectified these in a second version of the ransomware and have since been involved in numerous attacks.
In contrast, Akira ransomware group emerged in March 2023 and quickly gained infamy for several high-profile attacks, including Nassau Bay’s government, Bluefield University, a South African state-owned bank, and the London Capital Group, a leading forex broker.