Kadokawa, a leading Japanese media company known for its work in manga, anime, and video games, continues to investigate the fallout from a ransomware attack in June 2024. The cyberattack, carried out by the notorious BlackSuit ransomware group, has escalated with the recent release of additional stolen data on the dark web.
The BlackSuit Ransomware Attack
Kadokawa first became a target of the BlackSuit group, a rebranded entity from the Royal ransomware gang, in June. BlackSuit’s operators are believed to have roots in the now-defunct Conti cybercrime gang, which has been linked to several high-profile ransomware attacks globally. Following the initial breach, BlackSuit began publishing small batches of stolen data and threatened to release an additional 1.5 terabytes if a ransom was not paid.
On September 10, 2024, BlackSuit uploaded new data from Kadokawa to its darknet site, raising further concerns about the extent of the breach. In a statement, Kadokawa acknowledged the claims of new data leaks, though they suggested the recently published information may not be “new” and is still under investigation by the company and its external security experts.
“We have confirmed that the organization claiming responsibility for the attack has made additional claims of releasing some of our group’s information,” Kadokawa said. “We are addressing this matter with the assistance of law enforcement and external security experts.”
Impact on Kadokawa’s Operations
Kadokawa’s business operations, which span film, publishing, and gaming, were significantly affected by the attack. Much of the company’s infrastructure, including that of its subsidiaries like Dwango, was impacted since these operations were hosted in the same data center. Dwango, known for running the popular Japanese video-sharing platform Niconico, was also hit, and the leaked data included sensitive internal company files, personal employee information, business contracts, and other documents.
Despite the damage caused, Kadokawa remains focused on recovering its systems. The company has been working “diligently toward the complete restoration of its operations” while coordinating with law enforcement and cybersecurity professionals.
Ongoing Risks and Future Outlook
As of Kadokawa’s most recent statement, no evidence has emerged of new cyberattacks on their systems, but the threat posed by BlackSuit remains a significant concern. The ransomware group has shown persistence, regularly updating its darknet site with stolen information and increasing the pressure on Kadokawa.
The group is known for using aggressive tactics, and the latest release of data is a clear indication that they are not finished with their extortion attempts. Researchers tracking the attack observed that BlackSuit’s tactics include the gradual release of stolen data to maximize pressure on victims to pay the ransom. The fact that 1.5 terabytes of sensitive information are still held by the group underscores the ongoing risks Kadokawa faces.
BlackSuit has targeted companies across various sectors, and Kadokawa’s prominence in the entertainment industry makes it an attractive target. With a wide range of business interests, including BookWalker, a popular e-book store selling manga, novels, and magazines, and a majority stake in FromSoftware, the developers behind the blockbuster game Elden Ring, the stakes for Kadokawa are high.
Apology and Commitment to Recovery
Kadokawa has expressed its sincere apologies to those affected by the breach. “We deeply apologize for the significant concern and inconvenience the attack has caused,” the company said, emphasizing its commitment to ensuring the security of its systems going forward.
As the investigation continues, Kadokawa’s primary focus is on working with cybersecurity experts to fully understand the scope of the data that has been leaked and to prevent further breaches. The company has vowed to stay vigilant and take necessary precautions to prevent future attacks.
This incident is part of a broader trend in cybercrime, where ransomware groups target major corporations with valuable intellectual property and personal data. It serves as a reminder that even the most well-established companies in the world are vulnerable to such threats and must continuously update their security protocols to stay ahead of these evolving dangers.
Conclusion
The Kadokawa breach highlights the persistent and evolving nature of ransomware attacks, especially as cybercriminals rebrand and adapt their methods. As Kadokawa works to recover from the attack and secure its operations, the threat posed by groups like BlackSuit remains very real, and the broader implications for the industry are significant.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
