Japanese electronics colossus Casio is still reeling from a ransomware attack that disrupted its systems, two weeks after the incident occurred and with no expected recovery timeline.
On October 8, Casio said it detected network access by an unauthorized third party, prompting an investigation involving external cybersecurity experts to determine if personal and company data was compromised.
The Tokyo-based electronics giant said it also took certain platforms offline to contain the incident, rendering several services unusable, including order and delivery systems.
Casio also notified the country’s law enforcement authorities and the privacy watchdog, Japan’s Personal Information Protection Commission, both of which are assisting with the ongoing investigation.
Casio ransomware attack leaked sensitive data
On October 11, Casio determined that the cyber incident was a ransomware attack and that it resulted in a leak of personal and confidential data affecting the company and its affiliates.
The personal data leak impacted Casio’s full-time and temporary employees, contractors, business partners, and job applicants interviewed.
However, Casio did not specify the nature of the personal information compromised or the number of victims impacted. Customer financial data such as credit card information was not affected, as the ransomware attack did not affect Casio ID and ClassPad systems.
The ransomware attack did, however, impact corporate data, including invoices, technical information, HR planning, and legal, financial, audit, and sales documents.
Meanwhile, Casio is urging individuals not to share leaked sensitive information, to limit the impact of the cyber incident on the affected customers and businesses.
The electronics giant also advised potentially impacted individuals to remain vigilant for unsolicited emails to avoid becoming victims of phishing attacks.
Russian cyber gang responsible for the Casio ransomware attack
While the threat actor behind the Casio ransomware attack remains unknown, the Russian-linked “Underground” threat group has claimed responsibility. The group claims it stole over 200 gigabytes of data from Casio and threatened to leak the stolen information online.
Casio has not confirmed receiving ransom demands and the data breach claims could not be verified independently.
Microsoft links the Underground cybercrime group to the Russian cyber gang Storm-0978 (RomCom). While the “extortion-only” ransomware group seems financially motivated, it previously executed financial cyber espionage attacks on behalf of the Russian state. Its targets include Western defense establishments and government agencies.
Although the attack vector exploited in Casio’s ransomware attack remains a mystery, Storm-0978 has previously exploited CVE-2023-36884, the Windows Search Remote Code Execution Vulnerability.
Casio struggles to restore systems 2 weeks after a ransomware attack
Over two weeks after the Casio cybersecurity incident occurred, the company says it is working to restore impacted systems with no recovery timeline.
“The drama that has played out over the past two weeks since Casio was victimized by a ransomware attack is a reminder that no organization is immune to being breached,” said Jeff Wichman, Director of Incident Response at cybersecurity firm Semperis. “Casio’s recent sobering message of not being able to put a timeframe on when disrupted services will be fully restored is every company’s nightmare.”
Semperis’ 2024 Ransomware Risk report warned that recovery was a complicated affair and that “Paying [the] ransom doesn’t suddenly make things better.”