Japanese Manufacturer Yamabiko Targeted by Babuk Ransomware
A Japanese manufacturer has been targeted by the Babuk ransomware after a recent attack on Washington DC’s police department. The ransomware gang has most recently attacked Yamabiko, a Tokyo-headquartered manufacturer of power tools and industrial machinery. The company was allegedly added to Babuk’s data leak site, signifying that the company had been compromised. However, Yamabiko has not announced an official confirmation of the attack.
Information uploaded to Babuk’s site includes personally identifiable information on employees, product schematics, financial data, and other sensitive data. In total, the Russian-speaking threat actor group claims to have 0.5TB of data in its possession following the attack. Yamabiko is a prime candidate for ransomware attacks as it boasts an annual revenue of over $1B and is vulnerable to techniques and tactics that allow the attacker to move laterally inside networks such as Cobalt Strike. Babuk has also been linked to operations that exploit VPN vulnerabilities to gain an initial foothold.