Kadokawa

History

2024: Payment of $3 million ransom to cybercriminals to unlock computers infected with ransomware virus

On December 13, 2024, it became known that the Japanese media conglomerate Kadokawa, which manages numerous companies in the film industry, publishing and gaming industry, paid a ransom to cybercriminals in the amount of about $3 million to unlock computers infected with the ransomware virus. The BlackSuit group claimed responsibility for the hacker attack.

The incident in question occurred in June 2024. Attackers attacked Kadokawa servers located in one of the data centers. As a result of the invasion, subsidiary Niconico - a major video hosting site in Japan - temporarily shut down its streaming platform and user channels. At the same time, BlackSuit hackers stole about 1.5 TB of information, including contracts, internal company documents and personal data of all Kadokawa employees.

𝓲

Freepik

The investigation of the attack was commissioned by Kyodo News by information security firm Unknown Technologies. Experts were able to find emails confirming negotiations between hackers and one of the chief operating directors of Dwango, a subsidiary of Kadokawa, which operates the Niconico platform. It is said that the attackers initially demanded a ransom of $8.25 million. However, the affected company said it could not pay more than $3 million.

The hackers allegedly agreed to delete the stolen data only if they received an agreed ransom within 48 hours. After that, Kadokawa carried out a transaction in cryptocurrencies in the amount of $2.98 million. However, later, according to the Recorded Future News resource, the attackers still released part of the stolen confidential information.^[1]

Notes