Japan braced for rise in ransomware attacks after data breach

A hacking attack at Japan’s largest IT company is spilling across the country’s corporate sector, with cyber security experts warning that it could trigger a surge in attempts by organised criminal gangs to extort hefty ransoms from companies and their customers.

More than 10 Japanese companies have said in the past month that they have been affected by the hacking at Fujitsu, which supplies internet infrastructure to thousands of companies. The attack took place last year and allowed outside access to emails sent through a Fujitsu-based email system.

Fujitsu admitted last year that it was hacked but refused to disclose how many of its customers were targeted.

Tokio Marine & Nichido Fire, which is one of Japan’s largest underwriters of corporate insurance against cyber attacks and a prime target for ransomware gangs, acknowledged to customers last month that it was one of the companies potentially affected by the Fujitsu leak, according to two sources.

Tokio Marine began writing to its corporate clients to discuss the possible impact of the breach and the potential loss of sensitive data, said two people familiar with the matter.

“The response from Tokio Marine is very significant. Clients of insurers share a lot of data that ransomware gangs target, and there will be a lot of concern around what kind of access the hackers got,” said one cyber security analyst who advises a large listed company affected by the incident.

Tokio Marine said it took the situation seriously and was addressing the incident.

The technology giant Kyocera, clothing maker Goldwin and property developer Sekisui House have all said within the past month that they are also among the companies affected by the Fujitsu incident.

Cyber security experts said that the attack on Fujitsu was consistent with the tactics of highly professionalised gangs in Russia and Belarus who target Japanese companies and organisations because they often have relatively low-level defences, and their willingness to pay a ransom tends to be high. Experts said that the Cuba and LockBit ransomware gangs had been especially active in Japan over the past 18 months.

The cyber security consultancy IBM Security said in its 2022 report on the cost of data breaches that ransomware attacks were sharply on the rise, with the global average cost of a data breach rising to $4.35mn in 2022 — its highest since the research began.

The average global cost to companies of suffering a ransomware attack, said IBM, stood at $4.54mn, which did not include the payment of the ransom itself.

Fujitsu said it launched an internal investigation into the incident after it received information from the police on December 9. The company has apologised and said it was investigating and co-operating with affected clients.

It was the second significant attack on the group in as many years. In 2021, Fujitsu’s cloud service for government agencies was targeted by hackers, resulting in a data breach at the foreign ministry, the cabinet office and other ministries.