Huge rise in ransomware cyberattacks on Japan firms an extreme threat: police
TOKYO -- Cases involving ransomware viruses that demand payments from the users of computers they infect have risen so sharply in Japan that the National Police Agency (NPA) has begun referring to the threat they pose as "extremely serious."
According to major cyber security software company Trend Micro Inc., in 2020 93 ransomware infections were reported by corporations in Japan -- an 80% increase on the previous year. The NPA also received 23 consultations from affected firms and others.
In ransomware attacks, cybercriminals encrypt without warning the internal data of corporations and other entities. They then demand virtual currency or other payment to restore the data. Trend Micro said the quarterly number of reported infections saw a constant rise in 2020, with 23 cases in the April-June period, 24 in July-September, and 32 in October-December.
One major route for attacks is virtual private networks (VPN), which are said to be especially vulnerable. VPNs are often used for teleworking, which has seen a greater uptake amid the coronavirus pandemic.
Katsuyuki Okamoto, a security expert at Trend Micro, explained, "In many past cases, cybercriminals attacked by disseminating viruses via email, but now they've come to perform targeted hits from the start." He said hacking methods are sold on the darknet too, adding, "Attack techniques have spread widely."
The NPA, meanwhile, began keeping totals of ransomware damages from April 2020, and had received 23 consultations from victims in 10 prefectures by December. Police have been investigating the cases on suspicion that electromagnetic records containing unauthorized commands were used -- which are actions consistent as crimes using computer viruses -- among other charges.
Nine of the cases that have taken place in five prefectures since July pertained to double blackmail, in which companies are also threatened with the publication of stolen data if a ransom is not paid. Major video game developer Capcom Co. fell victim to this method after it was hit by a cyberattack, which came to light in November. In some cases, stolen internal information does get published online, and according to Trend Micro there were a total of 26 instances in which information belonging to Japanese companies, including their offices abroad, was posted online.
To prevent infection from ransomware, Okamoto said, "Individuals must not open files attached to suspicious emails, and companies should introduce two-step verification systems in addition to updating services, such as VPNs, to the latest versions."
(Japanese original by Noritake Machida, City News Department)