nicodou has been down for almost a week now, attributed to a cyber attack. a few hours ago, we learned that was the result of ransomware that compromised kadokawa's private cloud and that the site will be offline for at least a month as they rebuild. unwittingly, I managed to capture the exact moment where things started to collapse and they pulled the plug entirely (technical note: comments are served internally, which is why they started to fail first). this is a well-worn topic here that I'm almost reluctantly broaching again, especially because it feels like I'm increasingly prophesizing the site decaying, but I can't really say this was a scenario I imagined, even when you can point to obvious parallels like the PSN outage. it's not exactly often that you see a site that serves 200 million MAU hit the ground this hard.
the coverage circulating on this isn't entirely comprehensive, especially in english, so the further this stretches I've thought it might be useful to outline how the response develops. mostly for myself, let's be honest, but it might be useful for the next great novelist chronicling how the upload of the first episode of gochiusa was once a collaborative news ticker. with that in mind, I'll probably be using this as a living document to keep the details straight (update: opened a dedicated page for tracking the recovery). for now I've attached notes from the latest announcements that have been posted. check my earlier posts if you'd like some preamble on what nico's all about and the sort of cultural cache it has more broadly.
- kadokawa suffered a ransomware attack to their internal private cloud shared across services. when the problem was discovered, VMs were remotely shut down and a task force was established to investigate. when it was determined that the attacker was attempting to reboot systems to return them online, servers were physically disconnected from power and network.
- internal services and systems are affected by this, which has slowed their response. they also chose to delay this announcement to prevent revealing any information on their response to the attacker. they're a little cagey on specifics, but they do go into the specific impact.
- most of nico is served from the public cloud, though a lot of secondary functions are served or controlled from their internal cloud. video data itself specifically was mentioned as being safe, but recovering comment data is still being investigated, as well as timeshifts from live broadcasts.
- as a result, service has been suspended as they work on recovering data and securing systems. they've outlined one month as their minimum timeline for restoring service, though they plan to recover functionality in stages. offices at kabukiza tower were also closed.
- premium subscribers, channel memberships, and uploaders in the creators program will be compensated for june and july. no plans are established yet for how compensation will be paid out.
- no personal data, including credit card information, is expected to have been leaked, but this is still under active investigation. standard boilerplate to change passwords, activate 2FA, and check login sessions on other services.
- all that's been guaranteed here really is that it will take more than a month to restore service, if it's possible to. they kind of hedge on the question of whether nico can be restored fully (as they probably should).
- a barebones site was launched to serve select videos that allows people to add new comments, developed in three days. old metadata like view count, description, and tags are shown here, but all you can pretty much do is hit a slot machine to see more videos and watch them. as is tradition for nico with site refreshes and revamps, they've branded this version as Re:Kari (Re:仮).
- comments and views here are also temporary and won't be carried over to the restored site.
- the videos that can be watched will be periodically cycled out. right now it's serving hits from 2007, mostly things you're probably familiar with if you've sorted by most viewed on some of the more prominent tags.
- only available in japan, so you'll need to use a VPN if you're curious!
- this does affect kadokawa more broadly, of course, so a lot of other services have been knocked offline or are being impacted. hobby dengeki is offline entirely, while kujibikido is unable to process orders.
- the june 14th news release lining up with these other announcements also mentions that payments may be delayed to some business partners, as accounting and payment systems were impacted. good chance that this affects publishing and new releases.
- nico's post most notably has a brief table outling their response so far. as they mentioned prior to this in other announcements, the police were contacted on june 9th, the day after the attack, to help investigate.
from the announcement video embedded above
- nico had already transitioned to remote work, so they've been able to proceed swiftly on recovery without being impacted by the internal network being down.
- some backups may have been encrypted beyond recovery, though investigation is still in a preliminary stage.
- they've indicated this may have been a long-stretching attack more akin to spear phishing targeting specific individuals.
- restoration is being envisioned in a four-stage plan: isolate and clean servers, rescue all possible data, rebuild the service as necessary, and test resiliancy. there's pretty strong hinting that they will effectively need to rebuild much from scratch.

