On the morning of June 8, 2024, Kadokawa's website and the Japanese video-sharing platform Niconico, suffered a ransomwarecyberattack by a Russian-linked hacker group called BlackSuit, who claimed responsibility for the attack.[1]
On June 3, 2024, Kadokawa Taiwan reported a cyberattack leaking personal and corporate information.[4]
Two days after the initial attack, Wired stated that ransomware attacks are "accelerating in 2024".[5]
Japan's cyber security has been criticized for lacking IT expert specialists, with about 90% of domestic companies having none according to a think tank survey.[6] One day before the initial attack, Japanese prime minister Fumio Kishida ordered his minister to craft a bill boosting Japan's "active cyber defense".[7]
Attack
A connection problem with Kadokawa Group services including Niconico was reported from around 3:30 (JST) on June 8, 2024. Dwango stopped all Niconico services with issues at around 6:00 (JST) on the same day and conducted maintenance.[8][9]
On June 9, Kadokawa reported the incident to the police, expert specialists, and the Kanto Local Finance Bureau. On June 14, upon investigation, Kadokawa confirmed that the outage was caused by a ransomwarecyberattack, and it was also found that despite remotely shutting down the website's services, the attackers were observed restarting the servers to continue to spread the malware; in response, Kadokawa physically disconnected the server's power and communication cable.[10] On the same day, Niconico set up a temporary website detailing the situation.[2]
On June 27, the Russian-linked hacker group "BlackSuit" published a statement on the dark web claiming responsibility for the attack and threatening to publish the 1.5 terabytes of stolen data of business partners and user information unless a ransom was paid by July 1.[11][12][1]
On July 10, Kadokawa released a statement warning the public that disseminating any leaked information from the data breach would result in legal action.[13]
Niconico and Kadokawa's official website services went back online on August 5.[14][15]
Impact
Niconico announced that all their scheduled programming would be canceled until the end of July.[2]
During this attack, Kadokawa's stock price declined, and by July 3, Kadokawa's stock price had dropped by over 20%.[16] Kadokawa's publishing business' manufacturing end was briefly put on hold after the attack and e-books distribution was delayed. Kadokawa Umbrella, its online shop, was affected and could not receive nor ship orders.[17]
Kadokawa Dwango Gakuen [ja], a private correspondence high school owned by Kadokawa was affected by the attack but restored its services on June 10.[10]
Aftermath and investigation
Niconico implemented new security measures after the attack as well as rebuilding its systems.[18]
On August 6, Kadokawa's investigation revealed that a phishing attack was the possible cause of the attack. It also confirmed that 254,241 people's information was leaked during the attack. Among the leaked data, 186,269 are from the Kadokawa Dwango Educational Institute.[19]