• We're currently having issues with our e-mail system. Anything requiring e-mail validation (2FA, forgotten passwords, etc.) requires to be changed manually at the moment. Please reach out via the Contact Us form if you require any assistance.

Other NicoNico Cyberattack and Outage

Vector

Passionate Fan
Mar 6, 2022
142
NicoNico has been down since June 8th, attempting to recover from a cyberattack involving ransomware.


Report and apology regarding cyber attacks on our services

<Dwango Press Release: Published June 14th (Friday) at 3pm>

As announced in Niconico Info dated June 8, 2024, Dwango Co., Ltd. (Headquarters: Chuo-ku, Tokyo; President and CEO: Takeshi Natsuno) has been unable to use the "Nico Nico" service operated by the company since the early morning of June 8. It has been confirmed that this outage is the result of a large-scale cyber attack, including ransomware. We have temporarily suspended use of the service and are currently investigating and responding to understand the full extent of the damage and restore operations.

After confirming the cyber attack, we immediately took emergency measures, such as shutting down the relevant servers, and set up a task force to fully investigate the damage, determine the cause, and restore the system. We would like to report the findings of our investigation to date and our future response as follows.

We sincerely apologize to our users and all concerned parties for the inconvenience and concern caused.

<Background to the response>
At around 3:30 AM on June 8th, a malfunction occurred that prevented all of our web services, including our "Nico Nico" and "N Yobikou" services, from functioning normally. After an investigation, it was confirmed that the malfunction was caused by a cyber attack, including ransomware, at around 8 AM that same day. A task force was set up on the same day, and in order to prevent the damage from spreading, we immediately cut off communications between servers in the data center provided by our group company and shut down the servers, temporarily suspending the provision of our web services. In addition, as it was discovered that the attack had also extended to our internal network, we suspended the use of some of our internal business systems and prohibited access to the internal network.
As of June 14th, we are currently assessing the extent of the damage and formulating recovery procedures, aiming for a gradual recovery.
 

Luxie

Kagamine Rin and Len cover artist
Aug 3, 2022
60
Eastern USA
I would also like to note that there is a temporary accommodation called NicoNico Douga (Re:Tentative) (「ニコニコ動画(Re:仮)」Pretty much, they have a service that has a limited amount of videos that are mostly from 2007.

(MACHINE) TRANSLATION: "Today, we released a new version, "Nico Nico Douga (Re:tentative)". Only a limited number of videos are available, with popular videos from 2007 currently available, and more will be added in the future. While the service is suspended, it will be available without an account, although it will be available with minimal functionality, just like when the service first started."


(MACHINE) TRANSLATION: "While “Niconico” is suspended, the first service will be a new version of “Niconico Douga (Re: Kari)” that will be released at 3:00 p.m. on June 14, 2024. Our development team spontaneously created it in a short period of 3 days, and it is a video community site with only basic functions such as video viewing and commenting, just like NicoNico's first service (2006). In consideration of the service load, only a selected number of videos posted on Niconico Douga are available for viewing. The lineup mainly consists of popular videos from 2007, and you can watch them for free without an account."

While I am glad that the staff are doing what they can, it's also incredibly worrying for content creaters, fans, and staff. I hope that NND recovers in good time. And I also feel sorry for all of the people who are fans of or contributed to NND as well, as I'm sure that this is scary for at least some of them.
 

MagicalMiku

♡Miku♡
Apr 13, 2018
1,517
Sapporo
there are legendary Vocaloid videos available on NicoNico Re:Tentative, like

on a positive side, it's good all videos are safe and they stopped the attack before it could have become much worse. and at least the attack happened during a less "busy" period. probably it'll take a bit longer than one month (I think 2 months for a full recovery), but yes, such things can happen and are a good reminder that is always good to save favorite videos on own pc, because NicoNico is really part of Vocaloid history from the beginning and I look forward to its fully recovery:miku_lili::luka_lili::len_smile_lili::rin_smile_lIlI::meiko_lili::kaito_smile_lili:
 

Vector

Passionate Fan
Mar 6, 2022
142
They remarked on it during the Final Fantasy XIV "Letter from the Producer" broadcast, as they usually stream it on NND as well as YouTube and Twitch. (And FFXIV has also been under DDoS for a few weeks now.)

Definitely a major part of Vocaloid, and I'm glad they haven't had any data loss.
 

pico

robot enjoyer
Sep 10, 2020
544
Just an important distinction I think some have missed— this attack was *not* an attack that exclusively targeted niconico services. This attack impacted effectively ALL Kadokawa servers and services. So if you have accounts on Kadokawa marketplaces, keep an eye on your email in case more information arises. As of now they haven’t updated again on the extent of the breach (I.e. they don’t know what, if any, data was stolen) and when it is discovered it will likely be communicated to affected users via email, so be aware.
 

MagicalMiku

♡Miku♡
Apr 13, 2018
1,517
Sapporo
if it was a ransomware without any other malware, then it is likely that the attack was made only to block all data on the servers and then ask money to unblock it (I made it simple, but it's basically why ransomware are made). We don't know, but yes, it's possible that in any case all login passwords, not only niconico but all other Kadokawa services, will be reset :una_lili:
 

pico

robot enjoyer
Sep 10, 2020
544
if it was a ransomware without any other malware, then it is likely that the attack was made only to block all data on the servers and then ask money to unblock it (I made it simple, but it's basically why ransomware are made). We don't know, but yes, it's possible that in any case all login passwords, not only niconico but all other Kadokawa services, will be reset :una_lili:
kai-you.net/article/89946

Everyone should be very careful not to assume attacks like this are “just ransomware” until full reports about attack scale are shared. Especially when Kadokawa stated from the beginning that the attackers had network access. When cybercrime happens the rule of thumb should always be to assume you are compromised for your own safety until there is confirmation otherwise.

The attack was performed by Russian group BlackSuit. They claim 1.5TB of data was stolen, which they will release if the ransom is not paid by July 1st.

Thankfully for users, it seems that the most personal data is not part of the data collected. But “emails, data usage, links opened” are.

It will be interesting to see what happens on July 1st. Personally missing NND a lot right now. I can only assume kdkw will cut their losses. If this releases, perhaps some of the corporation’s more underhanded ventures will be in the spotlight again i.e. 4chan investment.
 

MagicalMiku

♡Miku♡
Apr 13, 2018
1,517
Sapporo
mm.. I suspected there was more about it, and the 1.5TB of data is more of a "bargaining chip" for asking money. I've also read that the group is willing to provide assistance in terms of security, which might sound a bit strange, but these groups do these kind of acts for money, it's their business, and they're ok with that if the money comes from the ransomware, the deadline of data release or a contract for future security assistance. Kadokawa is a big company, so there is not problem for that.

it's a big reminder to always choose a different password for each service you sign up, these things happen daily, and there will be surely a password reset for all accounts (and maybe also some user history and comments settings change), and the good thing is that the whole network of niconico will be stronger after all of this:una_lili:
 
Last edited:
  • Like
Reactions: Blue Of Mind

pico

robot enjoyer
Sep 10, 2020
544
Has Kadokawa stated they are going to pay the ransom? I would be surprised if they opt to pay the ransom.
 

MagicalMiku

♡Miku♡
Apr 13, 2018
1,517
Sapporo
I've read that Kadokawa first wanted to pay a portion of what asked for the ransom, but then there is this whole 1.5TB of data and the offer of assistance in terms of security. We don't know how much important or not is that data for the company itself (think of future company plans, employees profiles, etc..), but in my opinion, they'll have a kind of agreement with that group: if the group asked 100 and they first wanted to pay 10, then probably they'll pay 40 with agreement on assistance on building a stronger network. the weakest point was indeed the fact that all network sites and companies were linked together, that's not good. but it's good they can spend this time making it better and better :una_lili:
 

MagicalMiku

♡Miku♡
Apr 13, 2018
1,517
Sapporo
a little update about it:
Kadokawa confirmed that information on contracts with business partners as well as personal information of all employees of its subsidiary, Dwango, had been leaked to outside parties.
from The Asahi Shimbun:

from the article, it seems like that the 1.5TB of data stolen wasn't about company projects and user details, but contracts with business partners (in this case some projects can be assumed, but not confirmed) and employees information, so it makes sense they didn't want to pay the full amount of what asked. Hoping for a full recovery during this month, but I know it can take some time, I miss niconico:kaito_lili:
 
Last edited:

Users Who Are Viewing This Thread (Users: 0, Guests: 0)