It was reported yesterday, although not yet confirmed at the time, that Japanese video game giant Bandai Namco had fallen victim to a ransomware attack. The corporate playbook in these circumstances is to remain silent until damage is established, unless, that is, customer data has been compromised, in which case it's a completely different matter.
That seems to be the case here. Bandai Namco has now issued an official statement acknowledging the breach, entitled “Concerning Unauthorized Access to Bandai Namco Group Companies in Asian Regions (excluding Japan)”, which reads as follows:
“On July 3, 2022, Bandai Namco Holdings Inc. confirmed that it had experienced unauthorized third-party access to the internal systems of several group companies in Asian regions (excluding Japan). After confirming the unauthorized access, we took action such as blocking access to the servers to prevent the damage from spreading.
"In addition, there is a possibility that customer information related to the toy and hobby business in Asian regions (excluding Japan) is contained in the servers and PCs, and we are currently identifying the status about the existence of leakage, extent of damage, and investigating the cause."
Bandai Namco went on to say it will disclose the results of its investigation "if appropriate" and will work to strengthen its security. It ends by offering "our sincere apologies to all involved for any complications or concerns caused by this incident."
The news was broken by the malware-watching couple vx-underground. The group that targeted Bandai Namco is known as ALPHV and has been rightly or wrongly associated with previous ransomware such as Noberus. The name BlackCat comes from an image of a black cat on the group's blog.
The ALPHV ransomware group (also known as BlackCat ransomware group) claims to have ransomed Bandai Namco. Bandai Namco is an international video game publisher. Bandai Namco video game franchises include Ace Combat, Dark Souls, Dragon Ball*, Soulcalibur and more. July 11, 2022
I asked a representative from vx-underground to explain exactly what ALPHV is, and the tactics they use: such as releasing confidential information in public.
“ALPHV is a double extortion group,” the representative writes. "They lock down the machines to disrupt operations and also exfiltrate data — the purpose is to apply pressure to force [the victim] to pay. So regardless of whether they can resume operations, they don't want any trade secrets to be revealed."
"Shyness is only one small piece of the puzzle. Sure, it's bad publicity to see a Russian cyber cartel openly revealing an infringement, but knowing [that it can also leak] sensitive financial data (or property data) is much worse."
ALPHV is also a seriously active, ongoing operation. PC Gamer is covering this incident because Bandai Namco is a huge game publisher, but many of the group's targets never make the headlines. “Some mainstream media are reporting ransomware activity,” writes the vx-underground representative. “I know that CNN, MSNBC and others do that for their 'cyber crime' and tech sections. However, they usually look for things that are geopolitical, 'cyber war', or sometimes things like scamming home users or something... Lots of people in the world [would] not be so focused on Bandai Namco... That's not their demographic."
ALPHV is bad news for its victims. It previously boasted to The Record of wanting to create a "ransomware metaverse" and is being sold in underground markets (per Hacker News) as "the next generation of ransomware". The latest tactic is to publish victim information on the clear web, so that it will be indexed by search engines, and to threaten more unless millions are paid.
I asked how active the ALPHV hacking group is outside of the kinds of incidents that make headlines.
"As far as I know, ALPHV has about 25 hackers as 'employees' and is constantly breaching companies. They are ALWAYS out to make ransom... So... Ya lol."