Mon Oct 14 08:43:22 UTC 2024: ## Casio Confirms Customer Data Stolen in Underground Ransomware Attack
**Tokyo, Japan – October 10, 2024:** Casio, the Japanese tech giant, has confirmed that customer data was stolen in a ransomware attack that disrupted its systems on October 5th. This confirmation comes after the Underground ransomware group claimed responsibility for the attack and leaked allegedly stolen data on its dark web extortion portal.
While Casio initially acknowledged the incident, it withheld specifics about the attack and its potential impact. The company stated it had engaged external IT specialists to investigate the incident.
The Underground ransomware group, known for its affiliation with the Russian cybercrime group ‘RomCom,’ is a relatively new threat actor targeting Windows systems since July 2023. Fortinet, a cybersecurity firm, reported that the group exploits vulnerabilities in Microsoft Office, particularly CVE-2023-36884, as an infection vector.
The group’s tactics include deleting shadow copies to prevent data restoration and modifying the registry to maintain access to compromised systems for an extended period. Notably, Underground also leaks stolen data on Mega and promotes links to archives hosted there via its Telegram channel, maximizing data exposure and availability.
The attack on Casio is a significant development for Underground, as it represents a potential breakthrough into the mainstream. This incident raises concerns about the group’s future activities and whether it will escalate its attack volume and pace.
Casio’s confirmation of customer data theft underscores the growing threat of ransomware attacks on businesses worldwide. Organizations must implement robust security measures to protect themselves from these increasingly sophisticated threats.
First Piper 