Japanese electronics producer Casio confirmed on Friday {that a} cyber incident introduced earlier this week was a ransomware assault that doubtlessly uncovered the data of staff, clients, enterprise companions and associates.
In an up to date assertion, the corporate stated the October 5 assault concerned servers that “had been broken by a third-party ransomware assault.”
A number of programs have been rendered unusable because of the ransomware assault, and an investigation revealed that the hackers had gained entry to information held on the impacted servers. The corporate shut down the servers and employed exterior safety corporations to assist with the response.
Casio created a job drive to work on restoring the interior programs that have been affected, and the corporate notified police in Japan of the incident on October 6. Officers additionally contacted Japan’s Private Data Safety Fee on October 7.
As of Friday, Casio stated it believes the non-public data of non permanent and contract staff was leaked. The private data of staff at affiliated corporations was additionally uncovered alongside information from enterprise companions, individuals who have interviewed for jobs on the firm prior to now and a few clients “who use providers supplied by the Firm and a few of affiliated corporations.”
Casio didn’t define what particular information was taken from every group however stated buyer bank card data was not included.
The assertion provides that data associated to contracts, invoices and gross sales associated to present and former enterprise companions in addition to Casio associates was additionally leaked in the course of the assault.
Inner authorized paperwork and information on human useful resource planning, audits, gross sales, technical data and extra could have been accessed by the hackers.
“Please bear in mind that there’s a chance that your private data could also be misused to ship you unsolicited e-mails comparable to phishing e-mails or spam e-mails. Should you obtain any suspicious e-mails, please don’t open it and delete it,” Casio stated.
The corporate additionally requested that stolen data not be unfold via social media as a result of it “may enhance the harm attributable to the leak of knowledge on this case, violate the privateness of these affected, have critical results on their lives and companies, and encourage crime.”
The assault was claimed by the “Underground” ransomware gang on Thursday. The hackers stated they stole 204.9 GB of knowledge from the corporate and provided samples of what was taken to show its legitimacy.
Researchers stated the group first emerged in July 2023 and a number of other specialists defined that it appears to have hyperlinks to the Russia-based RomCom cybercrime group.
Fortinet famous that the group has listed 16 victims, with most based mostly within the U.S. and Europe. Microsoft revealed a report final 12 months outlining the operations of RomCom, which they stated is “recognized to conduct opportunistic ransomware and extortion-only operations, in addition to focused credential-gathering campaigns doubtless in assist of intelligence operations.”
“[The group] operates, develops, and distributes the RomCom backdoor. The actor additionally deploys the Underground ransomware, which is carefully associated to the Industrial Spy ransomware first noticed within the wild in Could 2022,” the corporate stated.
“Recognized ransomware assaults have impacted the telecommunications and finance industries, amongst others.”
Microsoft added that they discovered “important code overlaps” with the Industrial Spy ransomware which they imagine means Underground is a rebrand of the identical operation.
Recorded Future
Intelligence Cloud.
Be taught extra.