The first half of 2025 saw a 1.4-fold increase in ransomware attacks in Japan compared to the previous year, with 68 confirmed cases. Small and medium-sized enterprises remained the primary targets, with manufacturing being the most affected industry. The ransomware group Qilin emerged as the most active threat, responsible for eight incidents. A new group, Kawa4096, appeared in late June, targeting Japanese companies. The analysis also details the KaWaLocker ransomware, including its configuration, encryption methods, and the emergence of KaWaLocker 2.0 with enhanced features. The continued evolution and intensification of ransomware activities in Japan highlight the need for increased cybersecurity measures across various industries.