Nihon Cyber Defence Co., Ltd.
HELP and ADVICE - Ransomware
Unfortunately, it is not a case of if, but when you will be impacted …
Nihon Cyber Defence’s (NCD) highly experienced team understands the challenges that the victims of these attacks face. We know that CEOs, CIOs, CISOs and Senior Leadership Teams need objective, helpful and timely advice to allow them to lead a successful recovery and mitigation.
Therefore, we have launched an advice service that gives victim organisations immediate access to the right guidance through industry experts, allowing organisations to prepare or respond to incidents.
We will assist in preparing, defending or responding to an attack and whilst our ransomware advice service is currently intended primarily for Japanese organisations, NCD has impressive experience working on ransomware and other forms of devastating cyber-attacks globally. You can learn more about what we offer here…
SERVICES
At Nihon Cyber Defence (NCD) we see the impact that cyber-attacks and in particular ransomware attacks can have. Whilst it has been major ransomware attacks that have dominated the headlines, the reality is that an enormous range of organisations are being impacted.
This increase in the number and sophistication of attacks has been driven by Ransomware as a Service (RaaS), which has made sophisticated cyber tools available to a growing range of criminal groups.
Dealing with a major cyber incident
For an organisation’s senior management, a ransomware attack is a major test of leadership. At NCD we believe that it is important that senior managers, who are often under immense pressure, are supported through an incident. We are therefore – at the suggestion of several organisations that we have helped – launching a cyber security advice service.
The key elements of this service are that it is:
- Confidential
- Cost effective
- Provides access to world-class cyber security experts
- For anyone in a leadership position
Purpose
The sole purpose of the NCD Advice Service is to help you recover from a cyber-attack.
Process
The way that this service works is:
- Companies that believe that they may have become the victim of a cyber-attack contact NCD through our online portal (please do not use an email address that may have been compromised in the attack).
- A Non-Disclosure Agreement (NDA) is quickly put in place to ensure complete confidentiality.
- After an initial discussion with a native Japanese speaker, a secure video conferencing call will be set up between the company’s management and world-class cyber security experts who have dealt with many hundreds of cyber security incidents. This call can be in English or with Japanese translation.
- During the call, senior managers (CEOs, CIOs, CFOs, CISOs) or anyone else who finds themselves in a cyber incident management leadership role will have the opportunity to ask questions of these experts. These can be general questions around best and poor practice or specific technical questions.
Asking the right questions
For senior managers who do not have a technical background we will equip you with the questions to ask of your Incident Response team. They could include:
- Technical Understanding – How did the incident happen? Has the access and attack vector been identified and closed? Is the attacker off the network or still there? Is there still a risk of further attack?
- Mitigation – What is the damage? What data has been affected or exfiltrated? How do we deal with and mitigate this?
- Attribution and Investigation – Who was behind the attack? Why was the victim targeted? Is there an option to pay? Will we negotiate to identify the data exfiltrated or to delay exposure? Do we know where the exposure will be … can we disrupt this? Can we recover the encrypted data? Should you involve law enforcement?
- Regulatory – What action is required from the data protection authorities or financial regulatory authorities?
- Comms – What is the internal and external Comms plan? Will this be protective or reactive (pending exposure)? How will we inform affected data subjects?
- Resilience – What is the plan to rebuild our network securely and how can we re-establish customer confidence and commercial reputation?
- Governance – What advice and guidance should be made available to the Board during an incident? How should the Incident be managed?
- Support – What external support do you require? As importantly, what support do we not require? How do we manage the expense of this support?
- Engagement with the hostile actors – Should we engage? What are the risks associated with paying the ransom? How should engagement be taken forward?
Whilst this is designed to be a one-off service, many of our clients have found our experts’ advice to be invaluable and ask us to remain engaged acting as a critical friend or to provide specialist technical services through the attack.
Other services
- Preparation – board awareness, incident planning and exercising
- Monitoring – developing the deployment of technical solutions before and after a cyber incident
Consultants
Our customers tell us that, having won the work, the major consulting companies use primarily junior staff to carry out the work. At NCD we only use consultants with many decades of experience.
Latest Ransomware News!!

Cox Enterprises Oracle E-Business Suite Zero-Day Breach
Cl0p ransomware operators launched a targeted campaign against Cox Enterprises by exploiting a critical zero‑day vulnerability in Oracle E‑Business Suite (Oracle EBS), tracked as CVE‑2025‑61882, which allowed remote, unauthenticated access to one of the company’s most sensitive back‑office platforms. The intrusion window ran roughly between 9 and 14 August 2025 and went undetected until late September, giving attackers ample time

Coupang breach exposes data of over 33 million users
South Korean e‑commerce giant Coupang has disclosed a massive data breach that exposed personal information from approximately 33.7 million customer accounts, making it one of the largest cyber incidents in the country’s history. The exposed data includes names, email addresses, phone numbers, postal or shipping addresses, and order histories, with some reports noting leak of delivery entrance codes, raising concerns

Critical vulnerability found in 7-Zip archiving tool
A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-11001 (CVSS 7.0), was disclosed in the popular open-source 7-Zip archiving tool, affecting all versions before 25.00 released in July 2025. The flaw stems from improper handling of symbolic links in ZIP archives, enabling attackers to craft malicious files that allow directory traversal outside the intended extraction folder. When a user

Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks
Anthropic, the developer of the Claude AI model, disclosed in mid-November 2025 that it disrupted the first documented large-scale cyber-espionage campaign orchestrated primarily by artificial intelligence, attributed with high confidence to a Chinese state-sponsored hacking group. Detected in mid-September 2025, the operation dubbed GTG-1002 involved hackers manipulating Anthropic’s Claude Code tool to automate intrusions against approximately 30 high-value

Microsoft pins latest GoAnywhere MFT exploitation campaign on Medusa ransomware group
Microsoft has identified a cybercriminal group tracked as Storm-1175 as responsible for actively exploiting a critical deserialization vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere Managed File Transfer (MFT) software. This vulnerability affects the License Servlet component and allows unauthenticated remote code execution (RCE) by processing attacker-controlled serialized data. The attackers leveraged this zero-day flaw to gain initial access to targeted networks by

US Air Force warns of SharePoint data breach
The U.S. Air Force publicly acknowledged a significant data breach involving Microsoft SharePoint, which potentially exposed sensitive personal and health information of service members. According to an official notification circulated by the Air Force Personnel Center, the breach stemmed from misconfigured SharePoint permissions, resulting in the unauthorized access to Personally Identifiable Information (PII) and Protected Health Information (PHI). To mitigate