Source: tbbstudio via Shutterstock

More than two months after ransomware shutdown its operations, Japanese food and beverage giant Asahi Holdings continues to suffer from back-office disruptions and was recently forced to acknowledge the possibility of a data breach affecting 1.9 million people.

The company is not alone among Japanese firms.

Japanese online retailer Askul announced this week that it would resume taking orders from its corporate clients more than six weeks after the firm acknowledged an attack, but still reportedly suffers from shipment delays and would not fulfill orders from individual customers. The online retailer’s outage also affected other companies, such as the online store for Muji, a seller of minimalist household goods, which had to halt sales.

Overall, the incidents underscore that Japanese companies are suffering the long tail of recovering from ransomware, especially if the victims refuse to pay the ransom, says Jon Clay, vice president of threat intelligence for cybersecurity firm Trend Micro.

"Rebuilding machines could take time depending on how effective IT can access these systems physically but more importantly remotely," he says. "All of these can cause significant delays in recovering, which is why, in some cases, an organization may pay the ransom in order to get the decryption keys and get access back to their systems and data. "

Related:AI Bolsters Python Variant of Brazilian WhatsApp Attacks

Japanese companies continue to struggle with cybersecurity. Threat actors targeted Japanese enterprises with exploits for critical vulnerabilities in Ivanti’s Connect Secure virtual private network product, many of which remained unpatched this summer. Japanese companies and government agencies are seeing more attacks overall, despite recently passed legislation that allows more active measures in the name of network defense.

As the world’s fourth largest economy and the start of many supply chains, Japan is a major target for cybercriminals, says Shane Barney, chief information security officer at credential management firm Keeper Security.

"Ransomware groups are focusing on Japan because its industries sit at the heart of global supply chains and run with very little room for disruption," he says. "From an attacker’s perspective, that creates pressure to resolve incidents quickly, which increases their leverage."

Japan Under Attack?

Some companies have seen a general acceleration in cyberattacks against targets in Japan. Cybersecurity firm Sophos, for example, has seen more than 200 named Japanese ransomware victims in the last four years, with 72 victims in the last year alone, showing some acceleration in attacks.

Related:China Researches Ways to Disrupt Satellite Internet

Japan as a country, however, is not specifically being targeted, says Chris Yule, director of Sophos’ threat research team. Instead, the country is facing the impact of an overall global increase in ransomware attacks. In the past 12 months, the number of Japanese victims of ransomware is a third higher (35%) than the previous 12 months. However, globally the same trend is apparent: The number of ransomware victims has grown by a third (33%), he says.

"Ransomware groups are opportunistic, attacking any organizations that are vulnerable and likely to pay," Yule says. "We’re not seeing any indications that they’re targeting specific geographies or market sectors, but sometimes a couple of big-name victims in the news can make it feel like a trend."

Fortune Favors the Prepared

The trend will likely to continue. While cyberattackers and ransomware groups are not done with North America and Europe, the Asia-Pacific region offers less mature security controls and processes, relatively untested incident response and recovery playbooks, and complex legacy environments, says Heath Renfrow, co-founder and chief information security officer at Fenix24, a breach-recovery services provider.

Related:US Creates ‘Strike Force’ to Take Out SE Asian Scam Centers

"Threat actors gravitate toward regions where recovery costs are high, the likelihood of disruption is significant, and resilience gaps are predictable," he says.

Manufacturers, such as Asahi Holdings, tend to be more vulnerable to operational disruptions.

In the end, as long as companies are vulnerable to attacks and are willing to pay a ransom to recover quickly, cybercriminals will target those companies, says Sophos’ Yule. Companies that prepare by not only having backups, but also regularly holding recovery exercises and assessing the status of critical assets, will be able to recover the fastest and not need to pay ransoms.

"Preparation is key, and when an organization puts the work in upfront, we see a world of difference when we’re brought in to help victims respond to these attacks," he says. "You need to know what your plan is if your entire IT infrastructure is no longer available: who’s in charge, how do you communicate, what decisions need to be made, and when."

About the Author

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.