Ransomware gang BlackSuit has claimed responsibility for a recent cyberattack on KADOKAWA company and is now threatening to publish the stolen data if a ransom is not paid.
KADOKAWA is a Japanese media conglomerate that operates numerous companies in the film, publishing, and gaming industries, such as FromSoftware, the creator of Elden Ring.
Nearly three weeks ago, the company reported that “several KADOKAWA Group websites are currently experiencing service outages” due to a June 8 cyberattack.
The incident impacted most of the company’s operations and its subsidiaries, as they were hosted in the same data center, which was encrypted by ransomware. Among the affected companies was popular Japanese video-sharing platform Niconico, first reported by TheRecord.
Since then, KADOKAWA has provided updates on the status of the cyber attack and its impact on its infrastructure.
The latest update is from today, in which KADOKAWA states that most of its operations continue to be impacted, with all Niconico services still suspended.
“In response to the system outage, KADOKAWA is working to create a secure network and server environment,” today’s update explains.
“Its top priority is to restore accounting functions, which are fundamental to its business operations, and to standardize manufacturing and distribution functions in the publishing industry, which generate considerable revenue. Accounting functions, thanks in part to similar measures, should be restored at the beginning of July.
Although KADOKAWA revealed that they suffered a ransomware attack, they did not indicate which ransomware operation was behind the attack.
Today, the BlackSuit ransomware gang claimed responsibility by adding the hotel chain to its data leak site and publishing a small sample of the stolen data.
The threat actors claim they will release all stolen data on July 1 if a ransom is not paid, including contacts, confidential documents, employee data, business plans, and financial data.
Source: BleepingComputer
The BlackSuit ransomware operation was launched in May 2023 as a rebrand of the Royal ransomware operation.
The ransomware operators are believed to belong to the now-shuttered Conti cybercrime syndicate, an organized cybercrime gang comprised of Russian and Eastern European threat actors.
In November 2023, the FBI and CISA warned that the ransomware operation was linked to attacks on at least 350 organizations worldwide since September 2022 and more than $275 million in ransom demands.
Most recently, BlackSuit led an attack on CDK Global, which caused massive disruptions to auto dealerships across North America.
News Source : www.bleepingcomputer.com
Gn tech
