On Monday, June 11, 2022, reports appeared of a cyberattack on the video game publisher Bandai Namco. Reportedly, the novice cybercrime group BlackCat/ALPHV encrypted the company’s files and leaked its data, according to the post on the group's Darknet leak page.
Ransomware Attack on Bandai Namco
The Japanese game studio was reportedly struck by ALPHV ransomware earlier that day. The initial access vector and the ransom sum remain unknown. That is typical for the BlackCat ransomware group – earlier, they kept the details of the attack on the University of Pisa secret until the university disclosed the information itself. In that case, they asked for $4.5 million – a fairly average sum for an organisation of that size. However, Bandai Namco has a much bigger turnover, so the hackers may ask for a sum two or three times bigger.
ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) claims to have ransomed Bandai Namco.
Bandai Namco is an international video game publisher. Bandai Namco video game franchises include Ace Combat, Dark Souls, Dragon Ball*, Soulcaliber, and more. pic.twitter.com/hxZ6N2kSxl
— vx-underground (@vxunderground) July 11, 2022
Still, the BlackCat group's penchant for secrecy is only partial. After another successful attack, the group began publishing the leaked information soon after the target company refused to pay the ransom. Unlike the vast majority of ransomware groups, they posted it not on a Darknet page but on the Surface web, accessible to any user. The site was disabled pretty soon, but the fact remains – they are not just selling the data, but also shaming their victims. That may also be a sophisticated way to force the company to disclose the cybersecurity incident.
About BlackCat/ALPHV group
The BlackCat group is a notorious cybercriminal gang that appeared in November 2021. In June 2022, it accounted for over 30% of all ransomware attacks. These days, it shares the ransomware arena with the LockBit group – another infamous gang that has been running since 2019. Obviously, it is incorrect to call the BlackCat/ALPHV gang a newbie – a lot of analysts assume that it is just a rebranding of BlackMatter ransomware that ceased its activity in May, 2021. The latter is widely known for their attack on Colonial Pipeline, which caused a serious gas price surge on the US East Coast.
However, BlackCat as a new gang has its own “identity”. First and foremost, they use a unique payload written in the Rust programming language. Rust is a rare guest in malware, so their payload can easily bypass protection mechanisms. And it successfully does that on Windows, and even on *NIX systems. Another notable feature of this gang is their recruitment policy – they take only 10% of a ransom sum. Combined with hiring hackers from the REvil, DarkSide and Conti groups, that creates a quasi-team of professionals. In fact, they are still just criminals – but extremely dangerous ones.