In a press release published by IGN, Kadokawa Corporation admitted that it suffered a ransomware attack orchestrated by Black Suit. The firm is the parent of FromSoftware behind Elden Ring and faces a demand for payment to avert the public release of the stolen information.
Kadokawa Suffers Ransomware Attack
Kadokawa Corporation suffered the ransomware attack at the onset of June, as illustrated by IGN. The June 8 incident targeted its Japan-based servers, particularly affecting the Niconico – a video-sharing application.
The company is exploring solutions and quick workarounds to normalize the systems and business operations. The efforts prioritize resolving the present system failure affecting key businesses while investigating the information leakage.
Kadokawa confirmed suspending all services offered within the NicoNico family. This implies that users can access external services from their NicoNico account. Nonetheless, the company promises to restart the services on a piecemeal basis.
The journey is traced to April 1945, when Kadokawa Shoten established FromSoftware. The Tokyo-headquartered firm would 1994 publish King’s Field, Demon’s Souls in 2009, and two years later, Dark Souls (2011).
Black Suit Affirms Involvement in Attacking Kadokawa
Kadokawa has yet to clarify whether FromSoftware suffered the attack. At first, the company failed to identify parties behind the attack, only for a group identified as Black Suit to take credit.
Black Suit was earlier identified as Royal, as disclosed by Techcrunch in a 2023 report that it realized over $275M in ransoms paid last year.
A statement from the RansomLook that tracks open-source ransomware indicates that Black Suit outlines the information collected during the exploit, including staff information, project code, and contracts.
Black Suit acknowledged accessing the Kadokawa network a month ago. While it was laborious owing to the language barrier, the team discovered that the subsidiaries’ networks were intertwined in the mess created by the IT department.
Black Suit confirms gaining access to the control center where they encrypted the entire network. NicoNico, Dwango, and Kadokawa were among the systems they accessed, alongside other subsidiaries, as they downloaded 1.5 terabytes of data.
Black Suit admitted that Kadokawa’s IT department discovered their presence three days before encrypting the network. The admins attempted to eliminate the Black Suit team from the network by blocking one server.
Kadokawa’s IT team attempted to change the admin credentials through Black Suit and managed to have undetectable access to their network. Black Suit called the actions hacktivism, though indicated it would enhance the network security for an unnamed fee within the one-week deadline before releasing the data stolen by July 1.
Hacktivism Targets Gaming Studio and Publishers
Hacktivism is popular among the LulzSec, Anonymous, and the Chaos Computer Club as breaking into the system to realize a socially and politically motivated purpose. The access to Kadokawa is the prime motivator.
Black Suit indicated that Kadokawa Group’s management is responsible for the private lives of the citizens since it can pay the bills.
Kadokawa confirmed investigating the attack with the help of external professional entities besides apologizing for the inconvenience and challenges from the attack-related system failure.
Kadokawa and the actor Black Suit are yet to disclose the payment type demanded. However, ransomware attacks often involve Monero and Bitcoin or other crypto for them to decrypt the files.
A similar incident emerged in December when Sony disclosed a ransomware attack involving Insomniac Games. The Rhysida hacker group claimed the attack and sought 50 Bitcoin payments, translating to $2 million, to return the stolen information.
Insomniac Games confessed to the loss of sensitive data of their former and existing staff alongside the contractor data. Also affected was the yet-to-launch Wolverine Game based on Marvel superheroes.
Like the Kadokawa, Insomniac Games expressed disappointment with the criminal cyberattack for causing an emotional toll on the developers’ team. The studio assured us it was working to ascertain the data affected by the attack.