Reports began surfacing around May 8th of a possible cyberattack against the Japanese power tool and machinery company Yamabiko. Yamabiko has yet to confirm the attack, but Babuk, the group believed to be responsible, has posted samples of stolen data on its leak site and claimed the intrusion. Information seen thus far includes personally identifiable information (PII) on employees, product schematics, financial data and more, with Babuk claiming to hold around half a terabyte of data. The attack comes as somewhat of a surprise, since the group vowed to retire after the Washington D.C. police attack. The number of victims and the full scope of the data have yet to be determined, so be on the lookout for further updates surrounding this attack.
Since the threat actors who deploy Babuk ransomware have been known to use attack vectors such as logging in over Remote Desktop Protocol (RDP) with stolen employee credentials, traditional prevention-based defenses like firewalls and static anti-virus will not be enough to stop the attacks: a valid logon with a real account looks legitimate to both. Binary Defense recommends endpoint monitoring as a mitigation tactic for these types of attacks. With analysts observing an organization’s endpoints and network events on a 24/7 basis, they will have the best chance to recognize attacks in the early stages and stop them in their tracks.