A hacking group known as BlackSuit has claimed responsibility for the recent ransomware attack on publishing giant Kadokawa, and threatened to release stolen data if a ransom is not paid by July 1, 2024.
BlackSuit is a notorious ransomware gang that emerged as a rebrand of the Royal ransomware operation. The group is believed to have ties to the now-defunct Conti cybercrime syndicate, a major player in the ransomware landscape.
While the exact location and identities of the members remain unclear, cybersecurity experts have identified several indicators suggesting ties to Russia.
Kadokawa first acknowledged the cyberattack in early June, reporting disruptions to multiple websites and services. The company has since provided regular updates on its efforts to restore systems and investigate the incident.
However, BlackSuit’s reported statement on June 27, 2024, revealed the full extent of the breach, alleging the theft of 1.5 terabytes of sensitive information, including business plans, user data, contracts, and financial records.
BlackSuit claims to have exploited vulnerabilities in Kadokawa’s network architecture, gaining access to a “control center” that allowed them to encrypt the entire network, affecting various subsidiaries, including Dwango and Niconico.
Despite Kadokawa’s IT department detecting their presence, the hackers were able to continue downloading data for several days before encrypting the network.
The hacking group claims Kadokawa has been negotiating a deal but has offered an “extremely low” ransom for a company of its size. They warned that the leaked data could have significant consequences for Kadokawa’s business operations and the privacy of many Japanese citizens.
The ransom has not been specified in the statement.

In its most recent update, Kadokawa assured customers that no credit card information was compromised as it was not stored on their system.
The company also stated that its top priorities were restoring accounting functions and normalizing manufacturing and distribution in its publication business, with expected results by early July.
While the production of new publications remains steady, the shipment of existing publications is currently at one-third of normal levels. To mitigate the impact, Kadokawa is implementing alternative arrangements, including increasing human resources.
In its Web Services business, all Niconico family services are still suspended, although provisional services like Niconico Video (Re: tmp) and Niconico Live Streaming (Re: tmp) have been provided.
Existing services such as Niconico Manga smartphone version and NicoFT have also resumed.
The Merchandise business has seen limited impact, with shipping functions operating normally. However, the failure of Kadokawa’s account authentication function has prevented users from logging into certain online shops.
Temporary pages have been created for affected users. Kadokawa said it will continue to provide updates on this issue.






















