It was found that an overseas group company of Kajima Construction Co., Ltd., a major general contractor, was attacked by a cyber attack and data that seems to be confidential information may have been leaked.

According to Kajima Corporation, in March, an overseas group company was attacked by a cyber attack and illegally accessed the server, urgently identifying the scope and content of the attack.

Since the system is independent of the head office in Japan, the impact on the head office has not been confirmed so far.

According to Mitsui Bussan Secure Direction, an information security company, a cybercrime group named "REvil" stole 1.3 million files such as non-disclosure agreements and design drawings of almost all subsidiaries on the night of the 27th of Japan time. May He posted a criminal statement on his blog stating, "If you do not pay the price by the 1st, you will sell it."

And a part of the file that seems to have been stolen was released to the site set up on the highly anonymous dark site = dark web on the Internet.

The dark web is an area of ​​the Internet that can only be accessed in special ways, and there is a risk of cyber attacks just by accessing it.

The published files include non-disclosure agreements with major theme park operators, labor contracts, emails, a list of business partners, etc. It is believed to be an attack by a ransom-type virus that threatens to publish and demands money.

Kajima commented, "We report to potential customers and respond politely. We have reported to overseas investigative authorities and are investigating, so we will refrain from details."

Regarding the ransom-demanding virus, the game software giant "Capcom" was attacked last November, and the American subsidiary of optical equipment giant HOYA was attacked this month, and all stolen files were released. Are one after another.

Takashi Yoshikawa of Mitsui Bussan Secure Direction said, "In many cases, overseas bases of companies use English emails, so it is easy to be targeted by overseas criminal groups and need to be careful. In ransom demand type attacks, remote connection from the outside is required. Equipment is often targeted, and even in Japan, companies need to strengthen security measures under telework. "