The BlackSuit ransomware gang claimed a latest cyberattack on KADOKAWA company and is now threatening to publish stolen knowledge if a ransom isn’t paid.
KADOKAWA is a Japanese media conglomerate that operates quite a few firms in movie, publishing, and gaming industries, resembling FromSoftware, the maker of Elden Ring.
Nearly three weeks in the past, the corporate reported that “a number of web sites of the KADOKAWA Group are at present experiencing service outages” on account of a cyberattack on June 8.
The incident impacted many of the firm’s and its subsidiary’s operations as they had been hosted in the identical knowledge middle, which had been encrypted by ransomware. The impacted firms included the favored Japanese video-sharing platform Niconico, first reported by TheRecord.
Since then, KADOKAWA has been offering updates on the standing of the cyberattack and its affect on its infrastructure.
The newest replace is from right this moment, wherein KADOKAWA says most of its operations proceed to be impacted, with all Niconico companies nonetheless suspended.
“In response to the system failure, KADOKAWA is engaged on constructing a safe community and server atmosphere,” explains right this moment’s replace.
“Its high precedence is to revive the accounting capabilities, that are elementary to its enterprise actions, and to normalize the manufacturing and distribution capabilities within the publication enterprise, which generate appreciable income. The accounting capabilities, owing partly to measures in an analog method, are anticipated to be restored in early July.”
Whereas KADOKAWA revealed that they suffered a ransomware assault, they’d not shared what ransomware operation was behind the assault.
At the moment, the BlackSuit ransomware gang claimed duty by including the resort chain to their knowledge leak web site and printed a small pattern of the stolen knowledge.
The risk actors say they will publish all the stolen knowledge on July 1 if a ransom isn’t paid, together with contacts, confidential paperwork, worker knowledge, enterprise plans, and monetary knowledge.
The BlackSuit ransomware operation was launched in Could 2023 as a rebrand of the Royal ransomware operation.
The ransomware operators are believed to be from the now shutdown Conti cybercrime syndicate, an organized cybercrime gang comprised of Russian and Japanese European risk actors.
In November 2023, the FBI and CISA warned that the ransomware operation was linked to assaults on at the very least 350 organizations worldwide since September 2022 and greater than $275 million in ransom calls for.
Most lately, BlackSuit performed an assault on CDK International, which precipitated huge disruption to automotive dealerships all through North America.