FromSoftware and Spike Chunsoft’s parent company’s data held at ransom in cyberattack

Kadokawa Corporation experienced an extensive cyberattack earlier this month. As reported by NHK News on June 27, the hacking group Black Suits has claimed responsibility for the attack, issuing a statement saying that they have stolen a large amount of the group’s data.  

Starting out as book publisher, Kadokawa Corporation owns numerous companies that will be familiar to game and anime fans, including Elden Ring developer FromSoftware and the merged game developer and publisher Spike Chunsoft. Many users probably noticed something was wrong when they tried to access popular Japanese video streaming site Niconico. 

Niconico currently has a single page up announcing that it has been the victim of a cyberattack – with a comment field open to site visitors.  

According to the NHK report, Black Suits claims to have stolen 1.5 terabytes of internal data that includes business plans and user-related information. The hackers claim that the data will be made public on July 1 if the ransom is not paid.  

Kadokawa Corporation are currently investigating the attack with help from external specialist organizations. In their statement to NHK, they assure users that credit card information is not stored in-house, so that element of personal data has not been affected by the attack. “We expect to have more accurate information about the situation next month, and will make a public statement then.” said a Kadokawa Corporation spokesperson. 

Black Suits has been active since around May last year. It has launched numerous attacks using ransomware against a variety of organizations including those involved in healthcare, education and finance but most of these have been in the USA. This includes a recent attack on CDK Global that paralyzed car sales in the USA. Kadokawa Corporation is their first confirmed cyberattack on a Japanese organization. 

The Kadokawa Corporation’s websites have been down since the ransomware attack on June 8, with a temporary portal site currently providing updates on the situation.