
Summary of the overall picture of the cyber attack that hit Niconico: Is the video data safe? Why it took a month to restore

 

Dwango COO Kurita and CTO Suzuki


On June 14, Dwango announced details about the large-scale outage that has been continuing since the 8th. The cause was a large-scale cyber attack that included ransomware. It is expected to take more than a month to restore the service.

In conjunction with this announcement, Dwango also released a video in which Kadokawa and Dwango President Takeshi Natsuno, Dwango COO Shigetaka Kurita, and CTO Keiichi Suzuki explain the situation, along with a Q&A regarding the incident. Because the information is scattered across various sources, this article summarizes by topic what each media outlet has reported.

Niconico's situation: is the video data safe?

 Of the entire Niconico system, the Niconico Video system, the posted video data, the video distribution system, and the Niconico Live Broadcasting system are all safe. However, for Niconico Live Broadcasting, the system responsible for video distribution was damaged, and it is possible that videos that have been time-shifted (scheduled for viewing) in the past may not be available. Other services currently suspended are as follows:

  • Niconico account login for Niconico Family Services and external services such as Niconico Video, Niconico Live Broadcast, and Niconico Channel
  • Music monetization service
  • Dwango Ticket
  • Some features of Dwango JP Store
  • N Preparatory School (Restored for students of N High School and S High School)
  • Sending gifts for various projects

Niconico used both a public cloud and a private cloud built in a data center provided by the KADOKAWA group. In this cyber attack, the data center was the target, and "a considerable number of virtual machines were encrypted and became unusable" (Dwango). The videos and other data were safe because they were operated on the public cloud.

 Although backups of various data exist, they may have been encrypted by ransomware. However, CTO Suzuki said, "After checking the situation of the attack, we have determined that even in this case, not all of the backups have been affected."

The cyberattacks continued even after they were discovered. Even after the servers in the private cloud were shut down, the servers were observed being remotely restarted in an attempt to spread the infection. In response, Dwango physically disconnected the servers' power and communication cables to isolate them. It also cut the connections between its systems and the public clouds. As a result, all of the servers in the data center are currently unavailable.

 The reason why recovery took so long was that "we had of course prepared redundant configurations and backups, and implemented various security measures, but the situation exceeded our expectations, with the servers in the data center becoming unusable," said CTO Suzuki. For the same reason, it is also taking time to identify the extent of the damage.

In addition, the cyber attack "targeted Niconico and other services, and there were signs that the attacks were planned and carried out over a long period of time," said CTO Suzuki, adding that attacks other than ransomware were also occurring at the same time. As a result, not only the service but also the company's internal systems were affected, and "all operations other than web services have been completely halted."

 Because the extent to which the attackers have infiltrated the system is still under investigation, the office has been closed and employees are prohibited from coming to work in principle. Use of the internal network has also been prohibited. However, since a remote work system was in place, the company said it was able to respond to the situation.

How did the ransomware infection occur?

 Regarding the details of the attack, the company stated, "An investigation is necessary with the cooperation of a specialized investigative agency. If new facts that need to be announced, such as more accurate investigation results, become apparent, we will report them as they come to light."

 Regarding the delay in announcing that ransomware was the cause, Dwango explained, "If we had announced to the public that it was ransomware, the attackers would have moved on to the next step and the attacks would have become more intense, so we refrained from announcing it until we could confirm a certain level of safety."

 Regarding the status of negotiations with the attackers, he declined to disclose details, saying that "it could potentially provide information to the attackers."

The road to recovery 

 Dwango's recovery process involves (1) creating a safe environment and deploying servers, and rescuing all remaining data one by one, (2) verifying that the data is safe and planning for rebuilding the system, (3) rebuilding the system, and (4) checking that services are working and verifying the connections between services. CTO Suzuki states that "this will require work on a scale equivalent to rebuilding the systems for Nico Nico Douga and Nico Nico Live Broadcasting from scratch."

Possibility of information leakage

 The possibility of information leakage due to this cyber attack is currently under investigation. At this time, it has not been confirmed that personal information or credit card information was leaked. Niconico says that it does not store credit card information on its servers.


Niconico has been hit hard, but the app version of its digital manga service "Nico Nico Manga" is expected to resume service soon, albeit on a smaller scale. It is scheduled to be released during the week of June 17th with functions such as reading and commenting on manga available. 

In addition, Dwango has released a substitute for the currently suspended Nico Nico Douga, called Nico Nico Douga (Re: Temporary). It offers some of the most popular videos posted on Nico Nico Douga from around 2007.

KADOKAWA also halts multiple operations

 The attack has not only affected NicoNico, but also its parent company, KADOKAWA, and there is a possibility that payments to some business partners will be delayed. Please refer to a separate article for the impact on KADOKAWA. The accounting system, book order system, and editing system were affected, and they will gradually restore the system from next week, aiming to return to normal at the end of June.

 President Takeshi Natsuno apologized, saying, "We are very sorry for the inconvenience caused. All of our employees are working hard to restore service, so please wait a little longer until the service is restored."


 Dwango COO Kurita and CTO Suzuki also apologized, saying, "We apologize for the great inconvenience caused to everyone who enjoys Nico Nico Douga and Nico Nico Live Broadcasting." They also expressed their gratitude to users, saying, "Over the past week, we have received many messages of concern and support from our users. Our employees are truly encouraged by messages such as, 'When we were unable to access the service, we realized how important Nico Nico is to us.'"


