The large Japanese media conglomerate Kadokawa has been hit by a devastating cyberattack. The Blacksuit group has claimed responsibility for the incident and has threatened to release stolen data if a ransom is not paid.
The cyberattack occurred on June 8, and since then the company has been dealing with its aftermath. Numerous websites and services, including the popular Japanese Niconico video hosting platform, were affected. A significant portion of the company’s operations and its subsidiaries were paralyzed as their data was encrypted using the Mount Program.
Kadokawa has been regularly updating the public on the recovery progress and the impact of the incident on the company’s infrastructure. In their latest update, Kadokawa stated that most operations are still disrupted, and all Niconico services remain inaccessible.
The company is actively working to secure its network and server environment. Restoring accounting functions, which are crucial for business operations, and normalizing production and distribution functions in the publishing business, a major source of income, are top priorities. Kadokawa anticipates that accounting functions will be operational again in early July.
Kadokawa had not previously disclosed the identity of the group behind the attack, but the incident has now been linked to the Blacksuit group, which has threatened to release all stolen data, including contact information, confidential documents, employee details, business plans, and financial information, if the ransom is not paid by July 1.
According to an announcement on the Blacksuit website, in May 2023, Blacksuit emerged as an offshoot of the Royal extortion group. Trend Micro experts suggest that Blacksuit may have originated from a faction within the original Royal group. The Royal group has targeted over 350 organizations worldwide since September 2022 and has demanded over $275 million in ransom payments, according to a warning issued by the FBI and CISA in November 2023.