Ransomware incidents in Japan during the first half of 2025

Aug. 19, 2025, 9:53 p.m.

Description

The first half of 2025 saw a 1.4-fold increase in ransomware attacks in Japan compared to the previous year, with 68 confirmed cases. Small and medium-sized enterprises remained the primary targets, with manufacturing being the most affected industry. The ransomware group Qilin emerged as the most active threat, responsible for eight incidents. A new group, Kawa4096, appeared in late June, targeting Japanese companies. The analysis also details the KaWaLocker ransomware, including its configuration, encryption methods, and the emergence of KaWaLocker 2.0 with enhanced features. The continued evolution and intensification of ransomware activities in Japan highlight the need for increased cybersecurity measures across various industries.

External References

https://blog.talosintelligence.com/ransomware_incidents_in_japan_during_the_first_half_of_2025/
https://otx.alienvault.com/pulse/68a4bd10ede4e49b0999d905
Tags
ransomware
encryption
double-extortion
manufacturing
japan
kawa4096
kawalocker
2025-08-19
kawalocker 2.0
salsa20
small-medium-enterprises

Date

  • Created: Aug. 19, 2025, 6:06 p.m.
  • Published: Aug. 19, 2025, 6:06 p.m.
  • Modified: Aug. 19, 2025, 9:53 p.m.

Attack Patterns

  • KaWaLocker 2.0
  • KaWaLocker
  • Qilin

Additional Informations

  • Automotive
  • Construction
  • Transportation
  • Manufacturing
  • Japan