Japanese Anime Website niconico Suffers Ransomware Cyberattack, Hackers Threaten to Release Stolen Data

On June 29, TapTechNews reported that the anime bullet comment website, niconico, released a statement on June 14 saying that the company's data center had suffered a ransomware cyberattack, resulting in a large number of virtual machines being encrypted and unusable.

Subsequently, the related cyber security incident escalated, and the parent company, Kadokawa Group, issued a statement confirming that not only niconico, but also Kadokawa's official website and its e-commerce platform, Ebten, were affected, and related websites were temporarily inaccessible. And niconico allegedly unplugged the power cords and communication cables of the servers to prevent the spread of infection, which also resulted in all the servers in the website's data center being unusable.

According to the security website BleepingComputer, the hacker group BlackSuit announced yesterday that it was responsible for the niconico/Kadokawa cyberattack incident. These hackers claimed that they had successfully invaded the group's network environment a month ago, but due to language differences, it took them quite some time to scout and understand how the networks between the head office and subsidiaries were connected, so they launched the attack this month.

The hackers said that the major websites under Kadokawa were improperly configured, and the overall particularly chaotic, and the networks between the subsidiaries were directly connected to the Kadokawa head office infrastructure, so it was very easy to obtain the highest privileges.

In addition to damaging the niconico / Kadokawa official website / Ebten e-commerce platform websites, the hackers also claimed that they had encrypted key data files within the entire Kadokawa group network environment, and at the same time obtained about 1.5 terabytes of internal materials, mainly including contracts, signature files, legal files, platform user information, corporate employees' personal privacy information, business plans, financial materials, etc., and these hackers threatened Kadokawa that if the ransom was not paid within the agreed time, they would release all the stolen data on July 1.