 Kadokawa's temporary website after the attack. | |
| Date | June 8, 2024 – present |
|---|---|
| Location | Japan |
| Type | Cyberattack, Data breach, Ransomware attack |
| Target | Niconico, Kadokawa Group's websites |
| Suspects | BlackSuit |
On the morning of June 8, 2024, Kadokawa's website and the Japanese video-sharing platform Niconico, suffered a ransomware cyberattack by a Russian-linked hacker group called BlackSuit who claimed responsibility for the attack. [1]
Background
Niconico is a Japanese video-sharing platform launched in 2006. Niconico's owner, Dwango, is a subsidiary of Kadokawa Corporation. [2] According to Alexa Internet, the site is the 14th most visited website in Japan as of May 1, 2022. [3]
On June 3, 2021, Kadokawa Taiwan reported a cyberattack leaking personal and corporate information. [4]
Two days after the initial attack, Wired noted that ransomware is getting more problematic in 2024, stating that ransomware attacks are "accelerating in 2024". [5]
Japan's cyber security has been criticized for lacking IT expert specialists, with about 90% of domestic companies having none according to a think tank survey. [6] One day before the initial attack, Japanese prime minister Fumio Kishida ordered his minister to craft a bill boosting Japan's "active cyber defense". [7]
Summary
A connection problem with Kadokawa Group services including Niconico was reported from around 3:30 ( JST) on June 8, 2024. Dwango stopped all Niconico services with issues at around 6:00 ( JST) on the same day and conducted maintenance. [8] [9]
On June 9, Kadokawa reported the incident to the police, expert specialists, and the Kanto Local Finance Bureau. On June 14, upon investigation, Kadokawa confirmed that the outage was caused by a ransomware cyberattack, and it was also found that despite remotely shutting down the website's services, the attackers were observed restarting the servers to continue to spread the malware; in response, Kadokawa physically disconnected the servers power and communication cable. [10] On the same day, Niconico set up a temporary website detailing the situation. [2]
On June 27, the Russian-linked hacker group "BlackSuit" published a statement on the dark web claiming responsibility for the attack and threatening to publish the 1.5 terabytes of stolen data of business partners and user information unless a ransom was paid by July 1st. [11] [12] [1]
As of July 2, Niconico and Kadokawa's official website services remain suspended. [2]
On July 10, Kadokawa release a statement warning the public that disseminating any leaked information from the data breach will result in legal action. [13]
Impact
Niconico announced that all their scheduled programming would be canceled until the end of July. [2]
During this attack, Kadokawa's stock price declined, and by July 3, Kadokawa's stock price had dropped by over 20%. [14]
Kadokawa Dwango Gakuen, a private correspondence high school owned by Kadokawa was affected by the attack but restored its services on June 10. [10]
See also
References
- ^ a b NEWS, KYODO (June 28, 2024). "Russia-linked group claims cyberattack on Japanese video site niconico". Kyodo News+. Archived from the original on June 29, 2024. Retrieved July 8, 2024.
- ^ a b c d Hazra, Adriana (July 2, 2024). "Niconico Remains Offline After Kadokawa Cyber Attack, No Customer Information Leaks, Publishing at 'One-Third' of Normal Rate". Anime News Network. Archived from the original on July 4, 2024. Retrieved July 8, 2024.
- ^ "Alexa - Top Sites in Japan". Alexa Internet. Archived from the original on May 1, 2022. Retrieved July 8, 2024.
- ^ Cambosa, Teddy (June 9, 2024). "Kadokawa Investigates Suspected Cyber Attack as Several Services Go Offline". Anime Corner. Archived from the original on June 9, 2024. Retrieved July 8, 2024.
- ^ Pearson, Jordan (June 10, 2024). "Ransomware Is 'More Brutal' Than Ever in 2024". Wired. Archived from the original on July 6, 2024. Retrieved July 8, 2024.
- ^ "Editorial: Japan needs to review cyberattack countermeasures as hackers target firms". Mainichi Daily News. July 10, 2024. Retrieved July 10, 2024.
- ^ "Japan PM vows to boost 'active cyber defense' to prevent cyberattacks". Mainichi Daily News. June 7, 2024. Archived from the original on June 12, 2024. Retrieved July 10, 2024.
- ^ "KADOKAWA、ランサムウェアなどで攻撃 ニコニコは「1から作り直すような規模の作業が必要」". ASCII.jp (in Japanese). June 14, 2024. Retrieved July 8, 2024.
- ^ Cayanan, Joanna (June 9, 2024). "Kadokawa Posts Statement After Suspected Cyber Attack (Updated)". Anime News Network. Archived from the original on July 1, 2024. Retrieved July 8, 2024.
- ^ a b Tai, Anita (June 16, 2024). "Cyber Attack Delays Kadokawa's Releases, Accounting With Niconico Expected to Stay Offline for 1 Month or More". Anime News Network. Archived from the original on July 1, 2024. Retrieved July 8, 2024.
- ^ Jiji (July 3, 2024). "Hackers behind Kadokawa cyberattack claim new info leak". The Japan Times. Archived from the original on July 3, 2024. Retrieved July 8, 2024.
- ^ Sudo, Tatsuya (July 2, 2024). "More Kadokawa data leaked as deadline for ransom passes". The Asahi Shimbun. Archived from the original on July 3, 2024. Retrieved July 8, 2024.
- ^ "KADOKAWA、個人の情報"不正"発信行為に「法的措置の準備を進めております」". Oricon (in Japanese). July 10, 2024. Retrieved July 10, 2024.
- ^ "KADOKAWA漏えい影響拡大 書籍出荷が滞り、株価2割下落 | 共同通信". 共同通信 (in Japanese). July 3, 2024. Retrieved July 8, 2024.