2024 cyberattack on Kadokawa and Niconico explained

On the morning of June 8, 2024, Kadokawa's website and the Japanese video-sharing platform Niconico, suffered a ransomware cyberattack by a Russian-linked hacker group called BlackSuit who claimed responsibility for the attack.^[1]

Background

Niconico is a Japanese video-sharing platform launched in 2006. Niconico's owner, Dwango, is a subsidiary of Kadokawa Corporation. According to Alexa Internet, the site is the 14th most visited website in Japan as of May 1, 2022.^[2]

On June 3, 2021, Kadokawa Taiwan reported a cyberattack leaking personal and corporate information.^[3]

Two days after the initial attack, Wired noted that ransomware is getting more problematic in 2024, stating that ransomware attacks are "accelerating in 2024".^[4]

Japan's cyber security has been criticized for lacking IT expert specialists, with about 90% of domestic companies having none according to a think tank survey.^[5] One day before the initial attack, Japanese prime minister Fumio Kishida ordered his minister to craft a bill boosting Japan's "active cyber defense".^[6]

Summary

A connection problem with Kadokawa Group services including Niconico was reported from around 3:30 (JST) on June 8, 2024. Dwango stopped all Niconico services with issues at around 6:00 (JST) on the same day and conducted maintenance.^{[7] [8]}

On June 9, Kadokawa reported the incident to the police, expert specialists, and the Kanto Local Finance Bureau. On June 14, upon investigation, Kadokawa confirmed that the outage was caused by a ransomware cyberattack, and it was also found that despite remotely shutting down the website's services, the attackers were observed restarting the servers to continue to spread the malware; in response, Kadokawa physically disconnected the servers power and communication cable.^[9] On the same day, Niconico set up a temporary website detailing the situation.^[10]

On June 27, the Russian-linked hacker group "BlackSuit" published a statement on the dark web claiming responsibility for the attack and threatening to publish the 1.5 terabytes of stolen data of business partners and user information unless a ransom was paid by July 1st.^{[11] [12]}

On July 10, Kadokawa release a statement warning the public that disseminating any leaked information from the data breach will result in legal action.^[13]

Niconico and Kadokawa's official website services went back online on August 5.^{[14] [15]}

Impact

Niconico announced that all their scheduled programming would be canceled until the end of July.

During this attack, Kadokawa's stock price declined, and by July 3, Kadokawa's stock price had dropped by over 20%.^[16] Kadokawa's publishing business' manufacturing end was briefly put on hold after the attack and e-books distribution was delayed. Kadokawa Umbrella, it's online shop was affected and cannot receive nor ship orders.^[17]

, a private correspondence high school owned by Kadokawa was affected by the attack but restored its services on June 10.

Aftermath and investigation

Niconico implemented new security measures after the attack as well as rebuilding its systems.^[18]

On August 6, Kadokawa's investigation reveals that a phishing attack was the possible cause of the attack. It also confirms that 254,241 people's information was leaked during the attack. Among the leaked data, 186,269 are from the Kadokawa Dwango Educational Institute.^[19]

See also

• List of cyberattacks
• List of data breaches

External links

• Kadokawa's temporary website (archived)
• Niconico on June 8, 2024 (via Wayback Machine)

Notes and References

1. News: NEWS . KYODO . Russia-linked group claims cyberattack on Japanese video site niconico . 8 July 2024 . Kyodo News+ . June 28, 2024 . 29 June 2024 . https://web.archive.org/web/20240629111552/https://english.kyodonews.net/news/2024/06/56192487190c-russia-linked-group-claims-cyberattack-on-japan-video-site-niconico.html . live .
2. Web site: Alexa - Top Sites in Japan . . 8 July 2024 . https://web.archive.org/web/20220501021020/https://www.alexa.com/topsites/countries/JP . May 1, 2022 . dead.
3. Web site: Cambosa . Teddy . Kadokawa Investigates Suspected Cyber Attack as Several Services Go Offline . Anime Corner . 8 July 2024 . en-us . 9 June 2024 . 9 June 2024 . https://web.archive.org/web/20240609174145/https://animecorner.me/kadokawa-investigates-suspected-cyber-attack-as-several-services-go-offline/ . live .
4. Web site: Pearson . Jordan . Ransomware Is ‘More Brutal’ Than Ever in 2024 . Wired . 8 July 2024 . June 10, 2024 . 6 July 2024 . https://web.archive.org/web/20240706201213/https://www.wired.com/story/state-of-ransomware-2024/ . live .
5. News: Editorial: Japan needs to review cyberattack countermeasures as hackers target firms . 10 July 2024 . Mainichi Daily News . 10 July 2024 . en.
6. News: Japan PM vows to boost 'active cyber defense' to prevent cyberattacks . 10 July 2024 . Mainichi Daily News . 7 June 2024 . en . 12 June 2024 . https://web.archive.org/web/20240612202516/https://mainichi.jp/english/articles/20240607/p2g/00m/0na/058000c . live .
7. Web site: KADOKAWA、ランサムウェアなどで攻撃 ニコニコは「1から作り直すような規模の作業が必要」 . ASCII.jp . 8 July 2024 . ja . June 14, 2024.
8. Web site: Cayanan . Joanna . Kadokawa Posts Statement After Suspected Cyber Attack (Updated) . . 8 July 2024 . June 9, 2024 . 2024-07-01 . https://web.archive.org/web/20240701215532/https://www.animenewsnetwork.com/news/2024-06-09/kadokawa-posts-statement-after-suspected-cyber-attack/.211713 . live .
9. Web site: Tai . Anita . Cyber Attack Delays Kadokawa's Releases, Accounting With Niconico Expected to Stay Offline for 1 Month or More . . 8 July 2024 . June 16, 2024 . 2024-07-01 . https://web.archive.org/web/20240701213954/https://www.animenewsnetwork.com/news/2024-06-15/cyber-attack-delays-kadokawa-releases-accounting-with-niconico-expected-to-stay-offline-for-1-month-/.211986 . live .
10. Web site: Hazra . Adriana . Niconico Remains Offline After Kadokawa Cyber Attack, No Customer Information Leaks, Publishing at 'One-Third' of Normal Rate . . 8 July 2024 . July 2, 2024 . 2024-07-04 . https://web.archive.org/web/20240704142018/https://www.animenewsnetwork.com/news/2024-07-01/niconico-remains-offline-after-kadokawa-cyber-attack-no-customer-information-leaks-publishing-at-/.212622 . live .
11. News: Jiji . Hackers behind Kadokawa cyberattack claim new info leak . 8 July 2024 . The Japan Times . 3 July 2024 . en . July 3, 2024 . https://web.archive.org/web/20240703101026/https://www.japantimes.co.jp/news/2024/07/03/japan/crime-legal/kadokawa-cyberattack-leak/ . live .
12. News: Sudo . Tatsuya . More Kadokawa data leaked as deadline for ransom passes . 8 July 2024 . The Asahi Shimbun . July 2, 2024 . July 3, 2024 . https://web.archive.org/web/20240703111017/https://www.asahi.com/ajw/articles/15329137 . live .
13. News: KADOKAWA、個人の情報”不正”発信行為に「法的措置の準備を進めております」. ja. 10 July 2024 . . July 10, 2024.
14. Web site: ～ニコニコ動画が8/5に再開、新バージョンに～ ニコニコの復旧状況およびサービス停止に伴う補償について｜ニコニコインフォ . https://web.archive.org/web/20240727094305/https://blog.nicovideo.jp/niconews/225330.html . 2024-07-27 . 2024-07-27 . blog.nicovideo.jp.
15. Web site: Cyberattack-Hit Niconico to Resume after 2 Months of Halt . nippon.com . 30 July 2024 . en . 29 July 2024.
16. Web site: KADOKAWA漏えい影響拡大 書籍出荷が滞り、株価2割下落 ｜ 共同通信 . 共同通信 . 8 July 2024 . ja . 3 July 2024.
17. Web site: Pineda . Rafael Antonio . Kadokawa Gradually Resumes Shipping of Books in August . Anime News Network . 30 July 2024 . en . 30 July 2024.
18. Web site: Tai . Anita . Niconico Services to Resume Operation Beginning on August 5 Following Kadokawa Cyber Attack . Anime News Network . 30 July 2024 . en . 30 July 2024.
19. News: August 6, 2024 . Kadokawa confirms data leak of 254,000 people due to cyberattack . August 9, 2024 . The Japan Times.