Japan
October 31, 2022: Cyberattack at Osaka Hospital Halted Non-Emergency Services
Osaka General Medical Centre issued a statement that the ransomware attack temporarily disrupted the facility’s electronic medical record system. It has stopped providing outpatient care and postponed non-emergency surgeries. The medical centre’s Sumiyoshi Ward is still performing emergency operations.
Hospital staff noticed unusual activity in the hospital’s network in the early hours of October 31. Soon after, they received a message from the threat actors saying: “All files have been encrypted. Please pay in bitcoin for recovery. The amount depends on how quickly you email us.” Staff are working to restore the system and using paper medical records until the incident is resolved.
July 30, 2020: Konica Minolta hit by RansomEXX
Business technology giant Konica Minolta was hit with a ransomware attack at the end of July. It started with customers reporting that the company's product supply and support site was not accessible. The attack impacted services for almost a week. Some Konica Minolta printers were also displaying a 'Service Notification Failed' error.
BleepingComputer reported a source shared a copy of the ransom note used in the attack and reported devices in the company were encrypted. The ransom note belongs to RansomEXX.
October 31, 2021: Lockbit Ransomware Gang Say Japan Hospital Paid $30K Ransom
Russian hackers claim a Japanese hospital paid $30,000 to regain access to electronic medical records. The records were encrypted in a ransomware attack last October, causing major disruption to the medical institution's operations.
At the time of the Oct. 31 attack, Handa Hospital refused to pay the ransom. The hospital said it will build a new electronic medical record system at a cost of 200 million yen.
The town of Tsurugi, which runs the targeted Hospital, has denied paying ransom money. Experts suspect that an IT firm involved in attempts to restore access to the records secretly reached a deal with the hackers.
Japanese police have been urging those targeted in ransomware attacks to not pay money demanded of them.
February 28, 2022: Kojima Industries, a Toyota Supplier, Suffers Cyberattack
Toyota shut down production in Japan because Kojima Industries , one of its domestic suppliers, suffered a cyberattack. Kojima Industries provides plastic and other parts to Toyota.
Toyota employs a kanban "just-in-time" production method, so when Kojima was hit by ransomware which halted their key plastic and electronics parts production, Toyota chose to shutdown all 14 plants, and their network connections, to contain the spread. Toyota and subsidiaries were unable to keep their plants running. This is occurring amid ongoing parts and component shortages in the industry.
Toyota subsidiaries Hino Motors and Daihatsu Motor will also halt operations at some plants in Japan.
November 11, 2021: Panasonic Breached in Attack
Osaka, Japan-based Panasonic Corporation confirmed its network was illegally accessed by a third party on November 11 and data ended up accessed in the breach, officials said.
As soon as the electronics giant discovered the breach, it initiated an internal investigation and discovered some data on a file server had been accessed during the intrusion. Panasonic spokesperson Dannea DeLisser said the breach began on June 22 and ended on November 3 — and the unauthorized access was first detected on November 11.
June 1, 2021: Fujifilm Now Operating after Ransomware Attack
Japan’s major film provider, Fujifilm, finally restored operations on June 14, following a ransomware attack earlier this month.
On June 4, Fujifilm said it fell victim to a ransomware attack on June 1 which forced the company to shut down its network and servers across the globe. Beyond the shutdown, there were order processing delays. While most regions were able to get back up and running fairly quickly, Japan suffered the biggest impact.
Fujifilm manufactures a wide variety of products, including rapid COVID19 test kits.
February 15, 2021: Turbomachinery manufacturer attacked with ransomware
On February 15, 2021, a defect was detected in internal system of the Elliott head office and confirmed an attack by ransomware on the mail system and certain servers. As the damage from the ransomware attack, some problems were confirmed in production or ordering systems at Elliott plants. Upon detection, Ebara Corporation, the Group’s Headquarters in Japan, and the Elliott Group in the United States immediately undertook a robust forensic investigation to determine the extent of the defect, its impact and potential consequences.
As of this writing, Nefilim Ransomware group has posted teaser files, one 6GB and 1 549KB in size as proof of data breach.
January 1, 2005: Errant AntiVirus Definition Brings Down Railway LANs
WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.
January 1, 2003: Computer Error Grounds Japanese Flights
WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.
January 1, 2006: Power Plant Security Information Leaked Onto Internet
WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.