Japanese publisher Kadokawa Corporation pays $2.98 Million ransom; data leaked anyway
Japanese publishing giant Kadokawa Corporation was the victim of a ransomware attack in June 2024, which resulted in a $2.98 million cryptocurrency payment to the BlackSuit ransomware group. Despite the payment, BlackSuit appears to have leaked Kadokawa’s sensitive data, including the personal information of employees, students, and business partners.
The ransomware attack, attributed to the BlackSuit group, initially included a demand for $8.25 million in ransom. Negotiations, partially revealed in screenshots published by Kyodo News, show the company’s COO, Shigetaka Kurita, negotiating the payment amount down to $2.98 million. Kurita explained that obtaining approval for a higher amount was “almost impossible.”
BlackSuit’s negotiator was allegedly replaced mid-negotiation by someone identifying as "Vlad Kolesov," who took over discussions. BlackSuit rṄeportedly agreed to delete the stolen data if Kadokawa paid the revised amount within 48 hours. Records from Unknown Technologies confirm that 44 Bitcoins, valued at approximately $2.98 million, were sent to a cryptocurrency account on June 13, 2024.
Despite the payment, entries on BlackSuit’s leak site suggest that the group leaked Kadokawa’s data anyway. BlackSuit has not explained the leak, and attempts to contact the group for clarification were unsuccessful.
Typically, ransomware groups emphasize maintaining credibility to ensure future victims are willing to negotiate. However, BlackSuit’s actions in this case—leaking data after receiving payment—raise questions about its reliability and intentions.
Kadokawa Corporation confirmed that the personal information of 254,241 individuals has been exposed. This includes data related to 186,269 individuals associated with the Kadokawa Dwango Educational Institute, including students at N High School, a correspondence institution, information on all employees of Dwango Co., a Kadokawa subsidiary operating the Niconico video-sharing platform, and names and addresses of business partners, including artists and designers.
Kadokawa Corporation is reportedly taking steps to address the fallout from the breach while cooperating with authorities to investigate the incident. The situation has also reignited debates on the ethics and effectiveness of paying ransoms to cybercriminals.
Most Viewed
The Expert View: Securing the AI-Driven WorldSponsored by Checkpoint
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543