Kadokawa Corporation Suffers Ransomware Attack, Hackers Demand Bitcoin Payment

• On Thursday, Kadokawa Corporation, the entity behind FromSoftware, disclosed it had experienced a ransomware attack earlier this month.
• The incident, which happened on June 8, targeted the company’s servers in Japan, particularly affecting Niconico, a video-sharing platform owned by Kadokawa.
• “Kadokawa is actively seeking solutions to restore normal operations across its systems and business activities,” the corporation mentioned in their statement.

Kadokawa Corporation, the publisher behind Elden Ring, experiences a ransomware attack, impacting multiple services including Niconico.

Ransomware Attack Targets Kadokawa’s Network

Kadokawa Corporation recently confirmed that their network fell victim to a ransomware attack on June 8, impacting various services, including Niconico, their video-sharing service. The attack’s nature has led to significant disruptions, prompting Kadokawa to work on immediate solutions across the organization to resume normal operations.

Impact on Niconico and Other Services

The company’s Niconico services remain halted due to the attack, affecting users’ ability to log into external services using Niconico accounts. In response, Kadokawa is coordinating efforts to gradually bring these services back online. Additionally, Kadokawa affirmed their commitment to addressing the issues systematically to mitigate further disruptions.

Historical Context and Subsidiary FromSoftware

Founded as Kadokawa Shoten in April 1945, the corporation established FromSoftware in Tokyo in 1986. Known for titles like Elden Ring, Demon’s Souls, and Dark Souls, FromSoftware has a storied history within the gaming industry. It remains uncertain whether FromSoftware’s operations were directly affected by the ransomware attack. Kadokawa has not responded to inquiries on this matter.

Black Suit and Their Claims

Although Kadokawa has not identified the perpetrators, the hacker group known as “Black Suit” has taken responsibility. According to Techcrunch, this group, earlier known as “Royal,” has a history of ransom operations, having accumulated over $275 million. Black Suit allegedly outlined the information they seized, including personal data, contracts, and project files, claiming they accessed Kadokawa’s network a month before executing the attack.

Details of the Attack and Black Suit’s Actions

Black Suit reportedly gained access to the interconnected networks of Kadokawa subsidiaries, encrypting the entire network while extracting approximately 1.5 terabytes of data. Despite detection efforts by Kadokawa’s IT team, which included attempts to block server IPs and change credentials, Black Suit managed to maintain undetectable access until they completed their encryption process.

Hacktivism or Ransom Demands?

Labeling their actions as “hacktivism,” Black Suit demanded a fee to enhance Kadokawa’s cybersecurity, setting a one-week deadline before threatening to disclose the stolen data. Hacktivism, often driven by political or social motives, in this case, appears financially motivated. They argued that paying the ransom was Kadokawa’s most straightforward option.

Response from Kadokawa

Kadokawa has engaged external professional organizations to investigate the incident comprehensively. They apologized for the significant inconveniences and pledged to take measures to prevent future occurrences. While the specific ransom demands were not disclosed, typical ransomware attacks in recent years have involved cryptocurrencies like Bitcoin and Monero.

Comparative Analysis: Previous Attacks

This attack on Kadokawa follows a similar pattern seen in December when Insomniac Games faced a ransomware attack by the Rhysida hacker group, demanding 50 Bitcoin (approximately $2 million). The breaches exposed sensitive data about employees and upcoming projects, illustrating the broader cybersecurity challenges within the gaming industry.

Conclusion

The ransomware attack on Kadokawa Corporation underscores the persistent threat of cyberattacks in the digital age. As the company seeks to restore its services, the incident highlights the importance of robust cybersecurity measures and the potential implications for businesses and their stakeholders. Moving forward, enhancing network security and preparing for such threats remain crucial for organizational resilience.