- Japanese electronics giant Casio was hit by a ransomware attack on October 5. Many sensitive company files were stolen.
- The Underground ransomware ground has claimed responsibility for the attack.
- Unfortunately, the company is still reeling from the aftermath of the attack and sees no hope of recovery yet.
Japanese electronics giant Casio is still reeling from the aftermath of the ransomware attack that hit its systems two weeks ago. The company is struggling to get back its footing as some of its systems still remain unusable.
The company doesn’t see “any prospect of recovery yet,” as spokesperson Ayuko Hara told TechCrunch on Thursday.
The attack is still being investigated, so the company couldn’t comment on the exact number of people who have been affected. However, it assured that steps are being taken to remedy the situation and it’s prioritizing customers and their needs in this whole process.
More About the Attack
The attack took place on October 5. A ransomware group called Underground managed to compromise Casio’s systems and steal sensitive company data.
Stolen data includes the personal details of employees, business partners, job applicants, and contractors. According to the Underground group, a total of 200 GB of data was stolen. But Casio has yet to confirm this.
Even worse, a sample of the stolen data was shared on Underground’s dark web site. The only silver lining here is that so far it looks like no credit card information was stolen.
Additionally, the hackers also left a message for the company, threatening to leak all the data if their demands weren’t met. However, Casio confirmed that the bad actors haven’t reached out with their ransom demand.
Until the entire issue is resolved, Casio decided to disconnect some of its systems to prevent the spread of the ransomware. While this did help in containing the attack, it also hampered their day-to-day business.
Casio had trouble placing orders with their suppliers and shipping products to their customers. However, the shipping issue seems to be only limited to Japan, and Casio’s US website is working perfectly well.
“Due to a problem with our product shipping system, the shipping date is currently undecided.” – Casio’s Japanese website to the customers.
It’s no surprise that Casio is taking time to recover from this attack. Ransomware recovery doesn’t happen overnight, especially if the impact is far-reaching. On average, it can take a month and cost nearly $3 million.
The pace of recovery also depends on whether the company accepts the ransom demand to get the decryption key. For example, in Casio’s case, the Underground group might make a demand, and if Casio accepts that, it’ll get a decryption key that may speed up recovery. However, even then, there might be long-lasting effects.
Speaking of the threat actor, not much is known about the Underground group, but security researchers have linked it to a cybercriminal group known as Storm-0978 (RomCom), which allegedly operates on behalf of the Russian state.