BlackSuit KADOKAWA Corporation

This morning, ransomware group BlackSuit added Japanese media conglomerate KADOKAWA Corporation to its data leak site. This follows confirmation from the company that it had sustained a ransomware attack on June 8 with system recoveries ongoing.

In its post, BlackSuit claims to have stolen 1.5TB of data and provides commentary on the attack. It alleges that KADOKAWA’s IT department had detected BlackSuit’s presence within its network three days before the encryption began. It also suggests that KADOKAWA had tried to reach a deal with the hackers but that the amount was “extremely low for this company.”

BlackSuit also goes on to say that it has “gained access to very personal information regarding Japanese citizens,” suggesting that this includes emails and browsing history that people would rather keep private.

KADOKAWA has been releasing regular updates about the attack and the type of attack it has sustained. It issued an update earlier today (in Japanese) about the ongoing restoration of its systems. It hopes some will be restored by early July, but disruptions to publications continue, particularly in the number of copies shipped for existing publications, which is at about one-third of its normal level. It is currently investigating the possibility of data leakage and expects to have more accurate information in July.

It hasn’t confirmed BlackSuit’s claims or how attackers allegedly entered its systems. Comparitech has contacted KADOKAWA for more details and will update the article if it responds.

Who is BlackSuit?

BlackSuit first emerged in April 2023, and has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.

Comparitech has logged 30 confirmed attacks claimed by BlackSuit, 15 of which occurred this year. It is also the group behind the ongoing attack on tech company CDK Global, which is causing widespread disruptions to many US car dealerships.

We’ve logged a further 51 unconfirmed attacks claimed by BlackSuit.

Ransomware attacks on Japanese companies

So far this year, we have tracked 10 confirmed attacks on Japanese companies. The largest of these (based on records affected) was the attack on Izumi Co., Ltd., which is reported to have affected 7,784,999 pieces of personal information. The group behind this attack remains unknown. This attack on KADOKAWA is the first confirmed attack on a Japanese company by BlackSuit.

We have also logged a further 10 unconfirmed attacks on Japanese companies to date this year.

The average ransom on Japanese companies (from 2018 to present) is $5.56 million USD.

More about KADOKAWA Corporation

Located in Tokyo, KADOKAWA was formed when the original Kadokawa Corporation and Dwango Co., Ltd. merged in 2014. As an entertainment company, it specializes in a range of areas including publishing, web services, games, and videos.