Connect with us

Economy & Tech

Ransomware Attack on KADOKAWA an Anomaly?

Despite a recent ransomware attack on KADOKAWA, Japanese companies have a comparatively low rate of cyber infection. Analysts identify several reasons why.



Kadokawa headquarters building in Chiyoda Ward, Tokyo, on September 6, 2022 (©Sankei by Takumi Kamoshida)

Ransomware attacks are when a bad actor locks or steals important data saved digitally and demands payment to release it. These attacks have impacted many companies. Recently, a cyberattack on the KADOKAWA Group on June 8 is still having significant repercussions. However, recent private research indicates that the ransomware infection rate in Japan has significantly decreased. Furthermore, it is remarkably low compared to 15 other major countries.

One reason for this decline appears to be the low rate of ransom payments in Japan. This has led to a perception among cybercriminals that "targeting Japanese companies is not worthwhile," possibly resulting in fewer attacks.

Complete Recovery May Take Over a Month

As of June 19, anyone calling the KADOKAWA headquarters has heard an automated message: "We are currently unable to take your inquiry due to system issues." 

This is due to the large-scale ransomware attack on the company's servers on June 8. Critically, the attack forced the suspension of many of the group's operations. KADOKAWA estimates that a complete recovery will take the company more than a month.

Infection Through Weak Links

How did it happen? Ransomware can spread through networks, causing widespread damage. Even if a company's headquarters takes precautions, an infection at a group company or within the supply chain can impact the entire organization.

In 2022, a key supplier of Toyota Motors was infected. That led Toyota to shut down all its domestic factories for a day. It took about a month to restore the system. 

Due to the severity of the consequences of attacks, ransomware was ranked as the top threat to organizations in 2023. That ranking was published by the Information-Technology Promotion Agency of Japan.

Japan's Stance on Ransom Payments

Furthermore, there have been improvements in countermeasures. The Japanese security firm Proofpoint surveyed security personnel in 15 major countries. On average, 69% of organizations in those countries experienced ransomware infections in 2023. It marked a five-point increase from the previous year, 2022. However, in Japan, the rate dropped sharply by 30 points to 38%. This was significantly below the average.

What caused this sharp decline? Yukimi Souta is the Chief Evangelist for Proofpoint Japan. She speculates, "The consistent refusal of Japanese companies to pay ransoms has been effective." From 2020 to 2022, Japanese companies uniformly had the lowest ransom payment rate among affected countries. In 2023, Japan's rate was the third lowest at 32%, compared to an average of 54%.

Japanese companies are reluctant to pay ransoms for several reasons. First, frequent natural disasters have led to widespread data backup practices, ensuring data restoration is feasible. Second, there is a strong aversion to funding criminal organizations. Third, cyberattack insurance policies typically exclude coverage for ransom payments. 

Souta analyzes that these factors have collectively discouraged attackers from targeting Japan for financial gain.

Increasing Virus Detection

Virus behavior detection and corporate defense awareness are on the rise. According to Trend Micro, a cybersecurity company, in the past viruses commonly infiltrated via email. However, the surge in telework during the COVID-19 pandemic led attackers to exploit VPN vulnerabilities. The VPNs were used to link internal systems with external sources.

In response, companies are deploying sensors to detect suspicious virus activity within their networks. The focus on security is shifting from preventing intrusion to swiftly detecting it once it happens.

However, the greatest deterrent remains refusing to meet the attackers' demands. According to Proofpoint Japan's Souta, "Even if ransom is paid, attackers do not guarantee data deletion. In the future, more countries are likely to refuse payments."


(Read the report in Japanese.)

Author: Ryotaro Fukuda