Cybercrime in Japan hits record high in 2022, ransomware cases surge
The daily average of suspicious internet access cases, including cyberattacks, has also hit a record high of 7,707.9 per internet protocol address, the agency said.
With the rise in remote working due to the coronavirus pandemic, the number of ransomware attacks, in which hackers demand payment in exchange for restoring access to data, soared 57.5 percent from the previous year to 230 cases across 37 of Japan's 47 prefectures, according to the agency's data.
The scale of business operations was not a factor in the ransomware attacks, with half of the victims small and medium-sized firms, the data showed.
A new bureau and special investigative team tasked with tackling serious cybercrime cases were established at the National Police Agency in April last year.
The manufacturing sector was the hardest hit with 75 cases, followed by services at 49 and the medical sector at 20.
Of the 182 attacks in which the modus operandi was revealed, 119 involved «double extortion ransomware,» involving both the encryption and exfiltration of a victim's data that a perpetrator threatens to disclose unless a payment is made.
In a survey of affected companies, 63 of the 102 valid responses said an attack was launched via a virtual private network service, 19 involved remote desktop software with a hacker gaining control of a device, and nine were linked to suspicious emails.
Half of the respondents said it took less than a month to restore their systems, although some answered that it took more than two months. The majority said the overall cost for restoration totaled between 10 million yen ($75,000) and 50 million yen.
The daily average of suspicious internet access cases, including cyberattacks, nearly tripled from 2,752.8 in 2018. The majority originated abroad, with the increase believed to be linked to the spread of smart home appliances.
Among the total 12,369 cybercrime cases in which the police launched investigations, 3,304 were scams, while 1,560 involved violations of the child prostitution and pornography laws, and 522 of the unauthorized computer access law.