Kadokawa Corporation reports ransomware attack on Dwango subsidiary
Learn More
Kadokawa Corporation has reported a cyber attack on its subsidiary, Dwango which impacts Niconico video services and various other business operations.
Kadokawa Corporation is a Japanese media conglomerate. The company was originally established as Kadokawa Shoten, a publishing house, and has since grown through various mergers and acquisitions. In October 2014, Kadokawa merged with Dwango Co., Ltd., a telecommunications and media company best known for operating Niconico, one of Japan’s largest video-sharing platforms.
The ransomware attack occurred on June 8, 2024 and led to the suspension of Niconico's services and other Kadokawa business functions.
Kadokawa confirmed the cyber attack caused encryption of data and denial of services, typical of ransomware incidents. An emergency task force was established to investigate and restore affected servers. The ransomware attack reached the internal network, requiring shutdown of private servers to prevent further damage. Despite these efforts, the perpetrator was able to remotely restart the servers, which prompted the staff to physically disconnect the servers' power and communication cables.
Niconico's public cloud servers, used for video and live streaming services, were not directly affected, but private company-held servers were compromised.Several services have been suspended, including:
- Niconico Dōga
- Niconico Live streaming
- Niconico Channels
- Niconico account login for external services
- Music monetization
- Dwango Ticket
- Select Dwango JP Store services
- Remote N Prep School (services restored)
No confirmed leak of personal data, including credit card information, has been reported as of June 14. The company has notified the police and the Kanto Local Finance Bureau and is consulting external specialists for a thorough investigation.
Full restoration of services is expected to take over a month, with gradual resumption planned.
Niconico Premium members and paid channel members will be compensated for June and July, and channel operators will be compensated for their earnings during this period. Kadokawa aims to restore core systems and establish a more secure network by the end of June.
Update - As of 27th of June 2024, the BlackSuit ransomware gang has claimed responsibility for a cyberattack on Kadokawa, threatening to publish all stolen data by July 1 if a ransom is not paid. The claimed stolen data includes:
- contacts,
- confidential documents,
- employee data,
- business plans,
- financial data,
a small sample already posted on their data leak site. They are threatening to release 1.5TB of data and personal information unless the company pays up.
As of 30th of June 2024, Kadokawa confirmed that the stolen data includes business partner information, including contracts and other documents, as well as internal company data such as personal information on all employees of its subsidiary Dwango, which runs the popular Japanese video-sharing site Niconico.
As of 3rd July 2024, Kadokawa reports that hackers responsible for the cyberattack have claimed to leak additional stolen data. The Kadokawa Dwango Educational Institute reported that a cyberattack led to the apparent leak of personal information belonging to some students and graduates of its two correspondence schools, which together enroll about 30,000 students.
As of 7th of August 2024, Kadokawa Corporation, reported that the data breach is affecting 254,241 individuals.
As of 10th of September 2024, Black Suit ransomware gang leaked more files from Kadokawa group. In a statement, Kadokawa claimed that the most recently published information is likely “not new,” but added that it will continue to examine it with help from “external experts.” There is no evidence of a new cyberattacks on the company’s systems according the statement.
As of 16th of December 2024, an investigation revealed that Kadokawa paid approximately $3 million in cryptocurrency to the BlackSuit ransomware group, with leaked emails showing negotiations down from an initial $8.25 million ransom demand.
