Japan

Osaka General Medical Centre issued a statement that the ransomware attack temporarily disrupted the facility’s electronic medical record system. It has stopped providing outpatient care and postponed non-emergency surgeries. The medical centre’s Sumiyoshi Ward is still performing emergency operations.

Hospital staff noticed unusual activity in the hospital’s network in the early hours of October 31. Soon after, they received a message from the threat actors saying: “All files have been encrypted. Please pay in bitcoin for recovery. The amount depends on how quickly you email us.” Staff are working to restore the system and using paper medical records until the incident is resolved.

Business technology giant Konica Minolta was hit with a ransomware attack at the end of July. It started with customers reporting that the company's product supply and support site was not accessible. The attack impacted services for almost a week. Some Konica Minolta printers were also displaying a 'Service Notification Failed' error.

BleepingComputer reported a source shared a copy of the ransom note used in the attack and reported devices in the company were encrypted. The ransom note belongs to RansomEXX.

Russian hackers claim a Japanese hospital paid $30,000 to regain access to electronic medical records. The records were encrypted in a ransomware attack last October, causing major disruption to the medical institution's operations.

At the time of the Oct. 31 attack, Handa Hospital refused to pay the ransom. The hospital said it will build a new electronic medical record system at a cost of 200 million yen.

The town of Tsurugi, which runs the targeted Hospital, has denied paying ransom money. Experts suspect that an IT firm involved in attempts to restore access to the records secretly reached a deal with the hackers.

Japanese police have been urging those targeted in ransomware attacks to not pay money demanded of them.

Toyota shut down production in Japan because Kojima Industries , one of its domestic suppliers, suffered a cyberattack. Kojima Industries provides plastic and other parts to Toyota.

Toyota employs a kanban "just-in-time" production method, so when Kojima was hit by ransomware which halted their key plastic and electronics parts production, Toyota chose to shutdown all 14 plants, and their network connections, to contain the spread. Toyota and subsidiaries were unable to keep their plants running. This is occurring amid ongoing parts and component shortages in the industry.

Toyota subsidiaries Hino Motors and Daihatsu Motor will also halt operations at some plants in Japan.

Osaka, Japan-based Panasonic Corporation confirmed its network was illegally accessed by a third party on November 11 and data ended up accessed in the breach, officials said.
As soon as the electronics giant discovered the breach, it initiated an internal investigation and discovered some data on a file server had been accessed during the intrusion. Panasonic spokesperson Dannea DeLisser said the breach began on June 22 and ended on November 3 — and the unauthorized access was first detected on November 11.

Japan’s major film provider, Fujifilm, finally restored operations on June 14, following a ransomware attack earlier this month.

On June 4, Fujifilm said it fell victim to a ransomware attack on June 1 which forced the company to shut down its network and servers across the globe. Beyond the shutdown, there were order processing delays. While most regions were able to get back up and running fairly quickly, Japan suffered the biggest impact.

Fujifilm manufactures a wide variety of products, including rapid COVID19 test kits.

On February 15, 2021, a defect was detected in internal system of the Elliott head office and confirmed an attack by ransomware on the mail system and certain servers. As the damage from the ransomware attack, some problems were confirmed in production or ordering systems at Elliott plants. Upon detection, Ebara Corporation, the Group’s Headquarters in Japan, and the Elliott Group in the United States immediately undertook a robust forensic investigation to determine the extent of the defect, its impact and potential consequences.
As of this writing, Nefilim Ransomware group has posted teaser files, one 6GB and 1 549KB in size as proof of data breach.

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.