Key Facts
• November 2025: Askul and Asahi HD suffer ransomware attacks.
• Attackers: Groups identified as RansomHouse and Qilin.
• 1.1 terabytes of Askul’s customer data stolen, per RansomHouse statement.
• Qilin operates under a Ransomware-as-a-Service (RaaS) model.
• Ransomware targets have shifted from PCs to virtual infrastructures.
• Attackers exploit VPN and RDP vulnerabilities, along with server weaknesses.
• Social engineering tactics like voice phishing increasingly used.
• Japanese companies seen as lucrative due to ransom payment tendencies.
• Experts recommend EDR for servers, micro-segmentation, and regular recovery drills.
• Legal risks of paying ransoms include compliance violations and shareholder lawsuits.
Summary
Recent ransomware attacks on Japanese corporations Askul and Asahi HD highlight evolving cybercrime tactics. The groups RansomHouse and Qilin targeted these firms, with RansomHouse claiming to have stolen 1.1 terabytes of Askul’s customer data. Attackers now focus on virtual infrastructures and core systems, exploiting vulnerabilities in VPNs, RDP, and servers. Social engineering, including voice phishing, is increasingly used to deceive IT staff. Japanese companies are becoming prime targets due to a perceived willingness to pay ransoms. Experts stress the importance of server EDR, micro-segmentation, and recovery planning. Paying ransoms poses legal and ethical risks, potentially violating compliance requirements and encouraging further attacks.
