Nihon Cyber Defence Co., Ltd.
HELP and ADVICE - Ransomware
Unfortunately, it is not a case of if, but when you will be impacted …
Nihon Cyber Defence’s (NCD) highly experienced team understands the challenges that the victims of these attacks face. We know that CEOs, CIOs and CISO’s and Senior Leadership Teams, need objective, helpful and timely advice to allow them to lead a successful recovery and mitigation.
Therefore, we have launched an advice service that gives victim organisations immediate access to the right guidance through industry experts, allowing organisations to prepare or respond to incidents.
We will assist in preparing, defending or responding to an attack and whilst our ransomware advice service is currently intended primarily for Japanese organisations, NCD has impressive experience working on ransomware and other forms of devastating cyber-attacks globally. You can learn more about what we offer here…
At Nihon Cyber Defence (NCD) we see the impact that cyber-attacks and in particular ransomware attacks can have. Whilst it has been major ransomware attacks that have dominated the headlines, the reality is that an enormous range of organisations are being impacted.
This increase in the number and sophistication of attacks has been driven by Ransomware as a Service (RaaS), that has made sophisticated cyber tools available to a growing range of criminal groups.
Dealing with a major cyber incident
For an organisation’s senior management, a ransomware attack is a major test of leadership. At NCD we believe that is important that senior managers, who are often under immense pressure, are supported through an incident. We have therefore – at the suggestion of several organisations that we have helped – are launching a cyber security advice service.
The key elements of this service are that it is:
- Confidential
- Cost effective
- Provides access to world-class cyber security experts
- For anyone in a leadership position
Purpose
The sole purpose of the NCD Advice Service is to help you recover from a Cyber Attack
Process
The way that this service works is:
- Companies that believe that they may have become the victim of a cyber-attack, contact NCD through our online portal (please do not use an email address that may have been compromised in the attack).
- A Non-Disclosure Agreement (NDA) is quickly put in place to ensure complete confidentiality.
- After an initial discussion with a native Japanese speaker, a secure video conferencing call will be set up between the company’s management and world-class cyber security experts who have dealt with many hundreds of cyber security incidents. This call can be in English or with Japanese translation.
- During the call senior managers CEO’s, CIOs, CFO’s, CISO’s or anyone else who finds themselves in a cyber incident management leadership role will have the opportunity to ask questions of these experts. These can be general questions around best and poor practice or specific technical questions.
Asking the right questions
For senior managers who do not have a technical background we will equip you with the questions to ask of your Incident Response team. They could include:
- Technical Understanding – How did the incident happen? Has the access and attack vector been identified and closed? Is the attacker off the network or still there? Is there still a risk of further attack
- Mitigation – What is the damage? What data has been affected or exfiltrated. How do we deal and mitigate this?
- Attribution and Investigation – Who was behind the attack? Why was the victim targeted? Is there an option to pay? Will we negotiate to identify the data exfoliated or to delay exposure? Do we know where the exposure will be … can we disrupt this? Can we recover the encrypted data? Should you involve law enforcement?
- Regulatory– What action is required from the data protection authorities or financial regulatory authorities?
- Comms – What is the internal and external Comms plan? Will this be protective or reactive (pending exposure)? How will we inform affected data subjects?
- Resilience – What is the plan to rebuild our network securely and how can we re-establish customer confidence and commercial reputation?
- Governance – What advice and guidance should be made available to the Board during an incident? How should the Incident be managed?
- Support – What external support do you require? As importantly, what support do we not require? How do we manage the expense of this support?
- Engagement with the hostile actors. Should we engage? What are the risks associated with paying the ransom? How should engagement be taken forward?
Whilst this is designed to be a one-off service, many of our clients have found our experts’ advice to be invaluable and ask us to remain engaged acting as a critical friend or to provide specialist technical services through the attack.
Other services
- Preparation– boards awareness, incident planning and exercising
- Monitoring – developing the deployment of the technical solutions pre and post in a cyber incident
Consultants
Our customers tell us that, having won the work, the major consulting companies use primarily junior staff to carry out the work. At NCD we only use consultants with many decades of experience.
Latest Ransomware News!!
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
In a case that has shocked the cybersecurity community, two former cybersecurity professionals have been sentenced to four years in federal prison after helping the notorious ALPHV/BlackCat ransomware group carry out cyber extortion attacks.Ryan Goldberg, an incident response manager at Sygnia, and Kevin Martin, a ransomware negotiator at DigitalMint, used their industry knowledge to assist cybercriminals rather than protect organizations
UK Launches New Cyber Resilience Push at CYBERUK Conference
The UK government used the CYBERUK 2026 conference in Glasgow to outline its vision for strengthening national cyber resilience over the coming decade. Held from 21 to 23 April at the Scottish Event Campus, the event brought together more than 3,000 cybersecurity professionals, government officials, academics, and industry leaders to discuss the evolving threat landscape and the future of cyber
AI Turns Vulnerability Hunter -Anthropic’s Mythos Changes Everything
Anthropic has introduced Claude Mythos Preview, describing it as its most advanced artificial intelligence model developed so far. The announcement has attracted significant attention across the cybersecurity community due to the model’s reported ability to identify software vulnerabilities at a scale far beyond traditional security research methods.According to information shared during early testing, the model demonstrated an exceptional capability to
Medtronic Confirms Data Breach After ShinyHunters Claims Theft of 9 Million Records
Medical technology giant Medtronic confirmed that it had experienced a cybersecurity incident after the hacking group ShinyHunters claimed to have stolen more than 9 million records from the company’s corporate systems. The incident became public on April 24, 2026, when Medtronic disclosed the breach and informed regulators.According to reports, ShinyHunters added Medtronic to its data leak website in mid-April and
Everest Ransomware Hits Two Major US Banks Simultaneously
Two major U.S. banks, Citizens Financial Group and Frost Bank, found themselves at the center of a significant cybersecurity incident after the Everest ransomware group claimed to have stolen millions of customer records. The ransomware operation posted both organizations on its dark web leak site and threatened to release the stolen data publicly unless its demands were met within six
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
Educational publishing giant McGraw-Hill has confirmed a significant data breach after cybercriminal group ShinyHunters gained access to sensitive information through a misconfigured Salesforce environment.According to reports, the attackers initially demanded a ransom and claimed to have stolen around 45 million records. When negotiations reportedly failed, the group released more than 100 GB of data online, exposing a large volume of
