The first half of 2025 saw a 1.4-fold increase in ransomware attacks in Japan compared to the previous year, with 68 confirmed cases. Small and medium-sized enterprises remained the primary targets, with manufacturing being the most affected industry. The ransomware group Qilin emerged as the most active threat, responsible for eight incidents. A new group, Kawa4096, appeared in late June, targeting Japanese companies. The analysis also details the KaWaLocker ransomware, including its configuration, encryption methods, and the emergence of KaWaLocker 2.0 with enhanced features. The continued evolution and intensification of ransomware activities in Japan highlight the need for increased cybersecurity measures across various industries. Author: AlienVault
Related Tags:
salsa20
kawa4096
KaWaLocker 2.0
KaWaLocker
double-extortion
automotive
encryption
T1070.001
T1204.002
Associated Indicators:
F3A6D4CCDD0F663269C3909E74D6847608B8632FB2814B0436A4532B8281E617
33A0121068748F6E6149BC6104228A81AECDFED387D7EB7547D95481E60150B7
B60EF95DA28CBA0D44CAD8D03121B0BEC3BC3865044D010CFFB8450629D91C9F
C8CA0D95FF20C13E76284EEC945AE6B3572A83AF
BD30C87774C083A1003C0B9FB0A922B702302272
B8C32444CEEF027FB65D9CF1C823AD3C9C59ACEA
689547DDD0C6BE741A8DD0EC30ABA9671A916418
64756BF452BAA4DA411E3A835C08D884
C3CE46D40B2893E30BF00FCE72C2E1FA