The BlackSuit ransomware gang has taken responsibility for a recent cyberattack on KADOKAWA Corporation and is now threatening to release stolen data if a ransom is not paid.
KADOKAWA, a prominent Japanese media conglomerate, operates numerous companies across the film, publishing, and gaming industries, including FromSoftware, the developer of Elden Ring.
Nearly three weeks ago, the company announced that “multiple websites of the KADOKAWA Group are currently experiencing service outages” following a cyberattack on June 8.
The attack affected most of the company’s operations and those of its subsidiaries, as they were hosted in the same data center and were encrypted by ransomware. Among the impacted entities was the popular Japanese video-sharing platform Niconico, as first reported by TheRecord.
Since then, KADOKAWA has been providing updates on the status of the cyberattack and its impact on their infrastructure.
In today’s latest update, KADOKAWA states that most of its operations remain affected, with all Niconico services still suspended.
“To address the system failure, KADOKAWA is working on establishing a secure network and server environment,” today’s update explains.
“Their top priority is to restore the accounting functions, which are crucial to their business activities, and to normalize the manufacturing and distribution functions in the publication business, which generate significant revenue. The accounting functions, partly due to interim analog measures, are expected to be restored by early July.”
While KADOKAWA disclosed that they had suffered a ransomware attack, they did not reveal which ransomware operation was responsible.
Today, the BlackSuit ransomware gang claimed responsibility by listing KADOKAWA on their data leak site and publishing a small sample of the stolen data.
The threat actors have stated that they will release all of the stolen data on July 1 if the ransom is not paid. This data includes contacts, confidential documents, employee information, business plans, and financial records.
KADOKAWA on the BlackSuit data leak site
Source: BleepingComputer
The BlackSuit ransomware operation, launched in May 2023, is a rebranding of the Royal ransomware operation.
The operators are believed to be former members of the now-defunct Conti cybercrime syndicate, an organized group of Russian and Eastern European threat actors.
In November 2023, the FBI and CISA issued a warning linking the BlackSuit operation to attacks on at least 350 organizations worldwide since September 2022, with ransom demands exceeding $275 million.
Most recently, BlackSuit carried out an attack on CDK Global, causing significant disruption to car dealerships across North America.
Source: BleepingComputer, Lawrence Abrams
