Popular video game developer FromSoftware, known for titles like Elden Ring and Dark Souls, is facing a major security crisis after parent company KADOKAWA was hit by a crippling ransomware attack by the BlackSuit group on June 27.
According to a message posted on the dark web and shared on X (formerly Twitter) by T. Nihonmatsu this week, BlackSuit claims to have infiltrated the Japanese giant’s network nearly a month ago. The hackers allege they exploited vulnerabilities in the company’s interconnected network infrastructure, granting them access to a staggering 1.5 TB of data.
The data reportedly includes a nightmarish cocktail of sensitive information which includes employee records, user platform data, contracts, project details, and financial documents. The hacker group emphasizes the sensitive nature of this data, stating “Japanese citizens would prefer to keep data about their private lives private.” BlackSuit is threatening to leak this data on July 1 if Kadokawa doesn’t meet their ransom demands, and that current negotiations haven’t met their price expectations.
The attack has significantly disrupted KADOKAWA’s operations, impacting subsidiaries like Dwango and Niconico. While Kadokawa aims to restore services by July’s end, the full extent of the damage remains unclear.
While demanding a hefty ransom, BlackSuit also appears to be relishing the opportunity to expose KADOKAWA’s security weaknesses. The hackers have criticized the company’s I.T. department, claiming that they were slow to detect the intrusion and lacked a comprehensive understanding of network vulnerabilities. “This incident required a complete review of the network architecture, and KADOKAWA’s customers had to wait while the I.T. department reconfigured the entire network.”
BlackSuit’s message implies that if KADOKAWA doesn’t pay, the leaked data will not only damage the company’s reputation but also force them to overhaul their network security. “If data is leaked, KADOKAWA will have to change not only its network infrastructure but also its business model,” BlackSuit said.
With the July 1 deadline looming, KADOKAWA has to make a crucial decision to prevent a potential impact on the privacy of countless users.