Date | June 8, 2024 – present |
---|---|
Location | Japan |
Type | Cyberattack, Data breach, Ransomware attack |
Motive | Money |
Target | Niconico, Kadokawa Group's websites |
Suspects | BlackSuit |
On the morning of June 8, 2024, Kadokawa's website and the Japanese video-sharing platform Niconico, suffered a ransomware cyberattack by a Russian-linked hacker group called BlackSuit who claimed responsibility for the attack. [1]
Niconico is a Japanese video-sharing platform launched in 2006. Niconico's owner, Dwango, is a subsidiary of Kadokawa Corporation. [2] According to Alexa Internet, the site is the 14th most visited website in Japan as of May 1, 2022. [3]
On June 3, 2021, Kadokawa Taiwan reported a cyberattack leaking personal and corporate information. [4]
Two days after the initial attack, Wired noted that ransomware is getting more problematic in 2024, stating that ransomware attacks are "accelerating in 2024". [5]
Japan's cyber security has been criticized for lacking IT expert specialists, with about 90% of domestic companies having none according to a think tank survey. [6] One day before the initial attack, Japanese prime minister Fumio Kishida ordered his minister to craft a bill boosting Japan's "active cyber defense". [7]
A connection problem with Kadokawa Group services including Niconico was reported from around 3:30 ( JST) on June 8, 2024. Dwango stopped all Niconico services with issues at around 6:00 ( JST) on the same day and conducted maintenance. [8] [9]
On June 9, Kadokawa reported the incident to the police, expert specialists, and the Kanto Local Finance Bureau. On June 14, upon investigation, Kadokawa confirmed that the outage was caused by a ransomware cyberattack, and it was also found that despite remotely shutting down the website's services, the attackers were observed restarting the servers to continue to spread the malware; in response, Kadokawa physically disconnected the servers power and communication cable. [10] On the same day, Niconico set up a temporary website detailing the situation. [2]
On June 27, the Russian-linked hacker group "BlackSuit" published a statement on the dark web claiming responsibility for the attack and threatening to publish the 1.5 terabytes of stolen data of business partners and user information unless a ransom was paid by July 1st. [11] [12] [1]
On July 10, Kadokawa release a statement warning the public that disseminating any leaked information from the data breach will result in legal action. [13]
Niconico and Kadokawa's official website services are expected to be back online by August 5. [14] [15]
Niconico announced that all their scheduled programming would be canceled until the end of July. [2]
During this attack, Kadokawa's stock price declined, and by July 3, Kadokawa's stock price had dropped by over 20%. [16] Kadokawa's publishing business' manufacturing end was briefly put on hold after the attack and e-books distribution was delayed. Kadokawa Umbrella, it's online shop was affected and cannot receive nor ship orders. [17]
Kadokawa Dwango Gakuen , a private correspondence high school owned by Kadokawa was affected by the attack but restored its services on June 10. [10]
Niconico implemented new security measures after the attack as well as rebuilding it's systems. [18]