Photo/Illutration A computer screen shows a claim by a hacker group that it was responsible for a recent ransomware attack against a hospital in Shizuoka Prefecture. Part of this image was modified. (Tatsuya Sudo)

Criminals carried out 114 ransomware cyberattacks against companies and other organizations in Japan in the first half of this year, the National Police Agency announced on Sept. 15.

The agency released alarming data showing that the number of such cases is steadily increasing.

Only 21 cases were reported in the latter half of 2020, when the NPA started collecting and compiling the data. But the figure rose to 61 cases in the first half of 2021 and then it jumped again to 85 cases in the second half.

In a ransomware attack, hackers block access to an organization’s private data by using encryption techniques and then demand a ransom in exchange for restoring it. But experts warn against companies giving in too readily.

“They shouldn’t pay the ransom,” said Katsuyuki Okamoto, an expert at security giant Trend Micro Inc. “If the attackers don’t get paid, it is the same as working for nothing. It’s important to show off an image to them that attacking Japanese companies is not profitable.”

This year, attackers targeted the automobile industry, including Denso Corp., which is an affiliated supplier of Toyota Motor Corp., and Kojima Industries Corp., a business partner of Toyota, as well as hospitals.

Breaking down the latest number compiled from 30 prefectural police departments, the manufacturing industry accounted for the most cases at 37, which works out to 32.5 percent. That was followed by the service industry at 20 cases, or 17.5 percent, and the medical and welfare industry at nine cases, or 7.9 percent. Five of those cases were hospitals.

There were 47 ransomware cases where it was clear how the security breach occurred. In nearly 70 percent of those cases, hackers broke into the target organization's computer system through devices used for its VPN, or virtual private network. A VPN is a secure private network run over a public network, usually the internet.

In seven cases, organizations were infiltrated through remote desktop connections, which are designed to allow users to operate computers in their workplaces from remote locations.

The police agency said it believes that cybercrime groups are targeting vulnerabilities in equipment necessary for teleworking.

The NPA data also showed that in more than 20 percent of the cases, it took more than one month for the victims to restore their systems from the damage caused by the ransomware attacks.

Related News