As announced on April 11, our consolidated subsidiary in Taiwan, RORZE TECHNOLOGY, INC (hereinafter referred to as “RT”), had suffered a ransomware attack. RT has now received the results of an investigation conducted by external experts and would like to report the findings below.
We would like to express our sincere apologies for any concern this incident may have caused to our business partners and all those involved.

1. Overview of the investigation methodology
Due to the difficulty in obtaining information from the ransomware-infected servers encrypted by the attack described in Section 2. Attack Method, we mainly conducted an analysis targeting two servers (AD host [1] and VEEAM host [2]) that were in communication with the infected servers.

2. Attack Method
The cyberattacker gained unauthorized access to RT’s virtualized private network (VPN) via the internet, accessed servers with virtualization infrastructure software [3], executed ransomware, and infected the servers.

3. Information Leakage and Impact on Operations
Since the servers were encrypted, it was difficult to analyze specific file access conditions, making it impossible to determine whether information leakage occurred or the scope of such leakage. The servers were connected to RT’s core business systems, and files containing customer information and personal data were present within the system; however, it was impossible to confirm whether such information was leaked. At the same time, the investigation found no evidence of packaged data or large-scale data being transmitted externally.
Meanwhile, immediately after the ransomware infection, RT isolated the relevant servers from the internal network, disabled the hacked accounts, and confirmed that no abnormalities occurred after reconstructing the affected domains. Currently, the internal systems have been restored using backup servers, and there has been no significant impact on normal business operations.

4. Countermeasures
RT will fundamentally review network access control, including the introduction of multi-factor authentication for VPNs, review server access permissions, and improve firewall settings.

5. Impact on Business Performance
At this point, there is no impact on the performance of our group. We will promptly notify you if any matters requiring disclosure arise in the future.

[1] A server that provides Active Directory domain services, which manage and provide computers on a network.
[2] A server primarily responsible for backing up virtual environments, replicating backup data to another location, and restoring data.
[3] Software that enables multiple virtual computers to run on a physical server using virtualization technology.

[Inquiries regarding this matter]
RORZE CORPORATION Eiichi Isemra , General Manager of Administration Department TEL:+81(0)84-960-0001
Please send e-mail from the inquiry form in Website. https://www.rorze.com/contact_en/