Hackers Target Elden Ring Parent Company In Ransomware Attack

Kadokawa Corporation, the parent company of Elden Ring publisher FromSoftware, recently disclosed a ransomware attack it suffered earlier this month. Ransomware attacks typically involve demands for cryptocurrencies such as Bitcoin, Ethereum, or others in exchange for decrypting files or not publishing sensitive information online.

According to a Kadokawa press release reported by IGN, the attack occurred on June 8th and targeted various servers in Japan, specifically focusing on services associated with Niconico, a video-sharing application owned by Kadokawa. The hack occurred just as FromSoftware released their latest DLC for Elden Ring, titled Shadow Of The Erdtree.

Damage Control

The company is currently working on implementing solutions and workarounds across its operations to restore normalcy to its systems and business activities. Kadokawa noted that all NicoNico family services remain suspended, preventing users when it comes to accessing external services using their NicoNico accounts. Services will gradually resume as they become available.

Founded as Kadokawa Shoten in April 1945, Kadokawa established FromSoftware in Tokyo, Japan, in 1986. Besides Elden Ring, which won GOTY (Game Of The Year) in 2022, FromSoftware is renowned for titles such as Bloodborne, Sekiro, and Dark Souls. Presently, it remains uncertain whether FromSoftware was affected by the incident or whether the hackers are associated with crypto.

Black Suit Claim Responsibility

While the report did not identify the attackers responsible for the breach, a group known as Black Suit has reportedly claimed credit as part of their hacktivism efforts. According to a 2023 Techcrunch report, Black Suit, previously known as Royal, had amassed over $275 million in ransom payments by that time.

According to a statement posted on the open-source ransomware tracking website RansomLook, Black Suit allegedly detailed the information it had obtained, including employee data, contracts, and project code.

The attackers described their infiltration of the Kadokawa network about a month before the ransomware was deployed, navigating complexities within multiple interconnected IT networks. Once inside the control center, they purportedly encrypted the entire network, including systems belonging to Dwango, NicoNico, Kadokawa, and other subsidiaries, while exfiltrating approximately 1.5 terabytes of data.