Casio says “there is still no chance of recovery” after the ransomware attack

Japanese electronics giant Casio has confirmed that many of its systems remain unusable almost two weeks after being hit by a ransomware attack.

Casio spokeswoman Ayuko Hara told TechCrunch on Thursday that the company “still sees no prospect of recovery” as it struggles to recover from the cyber attack.

“Since October 5, our servers experienced a system failure that rendered several of them unusable,” Hara told TechCrunch, adding that the company subsequently took steps to disconnect their servers to prevent the spread of damage.

“This countermeasure is affecting our receipt and orders from suppliers and the schedule of product shipments,” Hara said. “There is no prospect of recovery yet, but we are prioritizing our customers as we move forward with the recovery.”

These shipping issues appear to only affect customers in Japan, TechCrunch has learned, where customers are receiving a message that reads: “Due to an issue with our product shipping system, the date of shipping is currently undecided.” Casio’s US website is unaffected at the time of publication.

On Friday, Casio disclosed that it had been the victim of a ransomware attack, in which attackers compromised sensitive company data and the personal information of employees, contractors, business partners and job applicants. This data theft was claimed by ransomware group Underground, who shared alleged samples of the stolen Casio data on their dark web leak site.

Hara tells TechCrunch that “the hackers left a threatening message indicating their intention to leak our data,” but said Casio has not received a ransom demand. This suggests the company has not contacted the ransomware group, but Casio did not comment when asked by TechCrunch.

Casio has not yet determined what types of data were stolen or how many people may have been affected, Hara said.

“We have identified that certain information has been compromised, the details are still under investigation,” Hara said. “But we are confident that none of our customers’ credit card information was compromised.”

Underground, which security experts have linked to the Russia-linked cybercriminal group known as RomCom (or Storm-0978), claims to have stolen more than 200 gigabytes of data from Casio’s systems. Security researchers have linked the RomCom group to cyberattacks carried out on behalf of the Russian state.

When asked if Casio disputes Underground’s claims, Hara said the company is “currently investigating.”