‘Kadokawa paid $3M in ransom, data got leaked anyway’
Japanese media company Kadokawa paid a Russia-linked ransomware group $2.98 million in exchange for deletion of the stolen data. Instead, the hackers ultimately published the data anyway.
In June, Kadokawa confirmed that the company was the target of a ‘significant cyberattack’.
The media company launched an investigation into the impact and scope of the incident. At the time, the company couldn’t say whether confidential information was leaked. However, it was sure that no credit card information was stolen.
Soon after the incident, a hacking group called BlackSuit claimed responsibility for the attack and that it had stolen 1.5 gigabytes of sensitive corporate data, including contracts, legal documents, user and employee information, business plans, project data, financial records, and other internal papers.
The hackers threatened to publicly release this information, unless Kadokawa paid an unknown amount of ransom.
Japanese media outlet Kyodo News hired cybersecurity firm Unknown Technologies to investigate the matter. Experts found out that a transaction worth $2.98 million was made in June. In the end however, BlackSuit decided to release the stolen data, even though it got paid.
According to an inside source, Kadokawa paid the ransom within 48 hours to a cryptocurrency account. He told Kyodo News that the hackers initially demanded $8.25 million. The company persuaded the hacking group it couldn’t pay more than $3 million due to strict compliance measures following bribery scandals concerning the Tokyo Olympics.
Unknown Technologies confirmed that around 44 Bitcoins, which were worth $2.98 million at the time, had been sent to a cryptocurrency account.
Kadokawa declined to comment on the matter, saying the investigation into the data breach is still ongoing.
BlackSuit is a ransomware operation that emerged early April 2023. The group is known for infiltrating organizations, exfiltrating victim data and extorting victims. If they refuse to pay ransom, all stolen information is being sold or made public.
Your email address will not be published. Required fields are marked