Kyodo Report: E-mails Indicate Kadokawa Paid Hackers US$2.98 Million After Cyber Attack

Kyodo Report: E-mails Indicate Kadokawa Paid Hackers US$2.98 Million After Cyber Attack

Kyodo report states hacker group still leaked stolen information from conglomerate

© Kadokawa

Japanese news agency Kyodo reported on Thursday that according to its sources, the hacker group that was allegedly behind the cyber attack of Kadokawa on June 8 e-mailed multiple Kadokawa executives after the attack stating the conglomerate sent US$2.98 million in cryptocurrency to the hacker group.

Kyodo stated it commissioned security firm Unknown Technologies Inc. to investigate the matter, and the firm found online records of a transfer of 44 Bitcoins worth around US$2.98 million made on June 13.

Kyodo published an edited and cutoff screenshot of the reported e-mail exchange. The e-mail exchange includes text from someone named “Vlad Kolesov” who claims to be the “main admin of BlackSuit,” stating BlackSuit’s “negotiator had no right to accept this payment since you violated the terms for the discount. He wa … [wording is cut off] immediately fired and now all decisions are made solely by me.” The e-mail also says, though some of the words around it are obscured, “you need to pay $8,250,000.”

The response to that e-mail, made reportedly from someone named “Shigetaka Kurita” (a person by that name is the COO of Dwango), states, “We are very sorry to hear from you that all the negotiations we have made was in vain.” The response also states, “Because of regulation as a public/listed company we can … [wording is cut off] pay more than US$3 million, which was explained to you previously. It is almost impossible to get cons … [wording is cut off] board(majority is independent) to pay more. Also, it is very difficult for us to trust you now, considering … [wording is cut off] negotiation process we had.”

Kyodo stated the ransomware group purporting to be Russia-linked BlackSuit ultimately leaked the stolen information. The hacking group claimed it had stolen encoded data amounting to 1.5 terabytes. Kadokawa confirmed that the personal information of all of the employees of its subsidiary Dwango had been leaked.

Kyodo added news that Kadokawa may have paid the hacker group will likely spark controversy on whether the reported payment was an appropriate response.

Kyodo said Kadokawa declined to comment on whether it paid money to the hacking group, citing an ongoing police investigation.

The hacking group claimed previously that it had not received any money, but has not responded for requests for interviews since then.

After the June 8 cyber attack, Kadokawa shut down its servers to isolate the damage, but the cyber attack’s perpetrator was observed to be remotely restarting those servers to continue the malware’s spread. To stop this, the staff physically disconnected the servers’ power and communications cables. Kadokawa notified police of the situation on June 9, and consulted external specialists. Kadokawa also notified the Kanto Local Finance Bureau.

The attack affected the Niconico website, and also temporarily affected Kadokawa‘s business operations in multiple ways, such as its book printing business and online merchandise orders.

After a Reuters’ report last month claiming that Sony was in talks to buy Kadokawa, Kadokawa released a statement on November 20 confirming that it received an initial letter of intent for acquisition of its shares, but stated “no decision has been made at this time.”

Sources: Kyodo, The Mainichi


Disclosure: Kadokawa World Entertainment (KWE), a wholly owned subsidiary of Kadokawa Corporation, is the majority owner of Anime News Network, LLC. One or more of the companies mentioned in this article are part of the Kadokawa Group of Companies.

Read More

Zaļā Josta - Reklāma