We take a look at a major ransomware attack impacting video game giant Bandai Namco, laced with the potential threat of data leakage.
It’s not been a great couple of months for gaming giant Bandai Namco. The name behind smash hit titles like Elden Ring and Dark Souls has endured a long run of cheats and hacks.
Hacking concerns led to Remote Code Execution issues, and multiplayer features in Souls titles were disabled for months. In March, in-game cheats in Elden Ring meant players had to turn off multiplayer to avoid new attacks.
We’re now in July and Bandai Namco has experienced its most severe issue yet, confirming it has fallen victim to a severe ransomware attack.
Eurogamer published a Bandai Namco statement, which reads as follows:
“On 3rd July, 2022, Bandai Namco Holdings Inc. confirmed that it experienced an unauthorised access by third party to the internal systems of several Group companies in Asian regions (excluding Japan).
“After we confirmed the unauthorised access, we have taken measures such as blocking access to the servers to prevent the damage from spreading. In addition, there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage, scope of the damage, and investigating the cause.
“We will continue to investigate the cause of this incident and will disclose the investigation results as appropriate. We will also work with external organizations to strengthen security throughout the Group and take measures to prevent recurrence.”
While triple threat attacks are becoming increasingly popular, double threat attacks (locking up data and then threatening to make it public if the ransom isn’t paid) are still big business. What we have here is a classic double threat, being run by a group with no qualms about following through on its promises.
ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) claims to have ransomed Bandai Namco.
Bandai Namco is an international video game publisher. Bandai Namco video game franchises include Ace Combat, Dark Souls, Dragon Ball*, Soulcalibur, and more. pic.twitter.com/hxZ6N2kSxl
— vx-underground (@vxunderground) July 11, 2022
In the tweet above, the screenshot refers to the compromise as “data soon”. The fear is that data is going to be leaked at some point in the near future. There is currently no word on how much data has been grabbed, or what the ransomware authors are asking as payment.
Whether the data is related to employees, third parties, or even customers, we simply don’t know. Games publishers and developers are also host to significant amounts of confidential data for unreleased and unannounced games. This is an additional angle to consider. Would attackers value secret game IP over user data? Possibly.
The bad news carousel
This lands at a really bad time for Bandai Namco. It’s not so long ago that the Dark Souls multiplayer servers were in the process of being switched back on. This could well throw a large ransomware-shaped spanner into the works for those plans.
There has to be concern over the considerable skillset of the BlackCat attackers, considering some of its likely past exploits. BlackCat stands accused of attacks on some of Europe’s largest ports back in February of this year. January saw data published belonging to a luxury fashion brand, and it wasn’t so long ago that it was publishing stolen data related to a luxury spa and resort located in the US.
This is one group which will absolutely follow through on its double threat extortion. BlackCat is also ramping up its typical ransom amount, currently weighing in at around $2.5m. It remains to be seen how Bandai Namco handles this situation. Unfortunately for the publisher and their customers, the ransomware authors are firmly in the driving seat.