The IT Nerd

The BlackSuit ransomware gang is claiming responsibility for a June 8th cyberattack on Kadokawa Corporation, threatening to publish stolen data unless a ransom is paid. The gang has set a deadline of July 1st for the ransom, warning that the released data will include contacts, confidential documents, employee data, business plans, and financial data.

Kadokawa Corporation is a major Japanese media conglomerate involved in film, publishing, and gaming, including the well-known game developer FromSoftware. The company reported net sales of approximately $1.6 Billion USD in 2023. The cyberattack caused service outages across multiple Kadokawa Group websites, significantly disrupting the company’s operations as they share the same data center. This attack particularly affected the popular Japanese video-sharing platform Niconico.

“In response to the system failure, Kadokawa is working on building a secure network and server environment,” explained the Wednesday update.

“Its top priority is to restore the accounting functions, which are fundamental to its business activities, and to normalize the manufacturing and distribution functions in the publication business, which generate considerable revenue. The accounting functions, owing partly to measures in an analog manner, are expected to be restored in early July.”

BullWall Executive, Carol Volk had this comment:

“As Kadokawa rebuilds its systems, focusing on the protective aspects of ransomware containment is crucial. A robust ransomware containment system offers significant benefits over simple Endpoint Detection and Response (EDR) solutions. While EDR is essential for identifying and mitigating threats, a comprehensive ransomware containment system ensures that sensitive data remains secure even during an attack. This approach not only detects but also isolates and neutralizes threats”

Cigent CGO Brett Hansen follows with this comment:

“Restoring critical functions and rebuilding the network is table stakes after a major attack and fortifying against similar threats. That said, it is more a matter of protection, than detection to ensure data remains safe during an attack. When data is protected at rest, it can remain safe during an attack. There are multiple ways to ensure an attacker in-system still cannot steal or encrypt your data. zero-trust, MFA, hidden partitions and encryption are all proven methods of protecting data at rest when properly implemented.”

I wish the company luck in restoring their systems. But in this day and age, you need a plan to keep the bad guys out, and a plan to fix everything if they do get in. I am not sure about the first part of this, but this organization is certainly testing the second part right now.

Ophthalmology practice Texas Retina Associates yesterday notified nearly 300,000 customers about a data breach earlier in the year that compromised names, Social Security numbers, medical info, health insurance info, addresses, and dates of birth:

On June 26, 2024, Texas Retina Associates (“Texas Retina”) filed a notice of data breach with the Attorney General of Texas after discovering that confidential information that had been entrusted to the company was subject to unauthorized access. In this notice, Texas Retina explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, medical information, health insurance information and dates of birth. Upon completing its investigation, Texas Retina began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

Rogier Fischer, CEO and Co-Founder, Hadrian had this to say:

“We don’t have the specific details on the cause of breach or the impact of it, but based on the cases that we handled in the US, we see several issues firms in the US, particularly Texas, could face in such a situation. If a data breach occurs at a Texas-based firm, the Texas Business and Commerce Code mandates that the firm must notify affected individuals immediately. If over 250 residents are affected, the Texas Attorney General must also be informed. HIPAA rules come into play if any medical information was compromised, as in this case. The HIPPA provisions demand specific notifications and call for potential penalties on non-compliance.

The business or organization in question may face scrutiny from the FTC if their data security measures are deemed inadequate. Possible penalties in that case include fines, civil damages, and orders to improve our security protocols. Apart from the regulatory compliance issues, the organization could face potential class action lawsuits from affected individuals, citing negligence or breach of privacy. In this particular case, the Texas Attorney General could also pursue legal action, leading to civil penalties and mandated corrective actions.There are several steps to mitigate the damage in these situations, but adopting an offensive cybersecurity strategy is the best defense of all. Automated penetration testing keeps the organization a step ahead of their peers, while automated compliance and reporting ensures that the systems they have in place are up and updated all the time.”

I think it’s a pretty safe bet that Texas Retina Associates are about to come under a lot of scrutiny over this….. Whatever this is as details are pretty scarce. I hope they have answers for all the questions that they’ve about to be asked.