| Category | Details |
|---|---|
| Threat Actors | BlackSuit ransomware group (formerly Royal ransomware, linked to Conti cybercrime gang) |
| Campaign Overview | Kadokawa, a Japanese media company, paid a $3 million ransom after a data breach by BlackSuit. Data including contracts and employee information was leaked. |
| Target Regions (Victims) | Kadokawa, its subsidiary Niconico (a major video-posting platform in Japan) |
| Methodology | Ransomware attack, data exfiltration, negotiations for ransom payment, leak of sensitive company data on the dark web |
| Product Targeted | Kadokawa servers, Niconico platform, company data including contracts, internal documents, and employee information |
| Malware Reference | BlackSuit ransomware (a rebrand of the Royal ransomware group) |
| Tools Used | Ransomware attack tools, cryptocurrency transactions, data extraction and leak mechanisms, email communications for negotiation |
| Vulnerabilities Exploited | Poor compliance measures, lack of preventive cybersecurity infrastructure, server vulnerabilities |
| TTPs | Data exfiltration, negotiation pressure, cryptocurrency transactions, leveraging insider knowledge for communication and negotiation |
| Attribution | BlackSuit ransomware group, ex-members of the now-defunct Conti gang, known for targeting media and entertainment companies |
| Recommendations | Strengthen cybersecurity infrastructure, improve data protection measures, enforce robust compliance policies, and implement proactive security auditing |
| Source | The Record |

Read full article: https://therecord.media/kadokawa-japan-reported-ransomware-payment

The above summary has been generated by an AI language model.