Bandai Namco confirms ransomware hack of internal servers

Yesterday it was reported, though unconfirmed at the time, that Japanese videogame giant Bandai Namco had been the victim of a ransomware attack. The corporate playbook in these circumstances is to keep quiet until the damage has been assessed: unless, that is, customer data has been affected, in which case it's a whole other ballgame.

Such seems to be the case here. Bandai Namco has now issued an official statement acknowledging the breach, which is titled 'Regarding Unauthorized Access to Bandai Namco Group Companies in Asian Regions (Excluding Japan)' and reads:

"On July 3, 2022, Bandai Namco Holdings Inc. confirmed that it experienced an unauthorized access by third party to the internal systems of several Group companies in Asian regions (excluding Japan). After we confirmed the unauthorized access, we have taken measures such as blocking access to the servers to prevent the damage from spreading.

"In addition, there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage, scope of the damage, and investigating the cause."

Bandai Namco goes on to say it will disclose the results of its investigation "as appropriate" and work on strengthening its security. It ends by offering "our sincerest apologies to everyone involved for any complications or concerns caused by this incident."

The news was broken by the malware-watching bunch vx-underground. The group that targeted Bandai Namco is known as ALPHV, and has been linked rightly or wrongly with earlier ransomware such as Noberus. The BlackCat moniker comes from an image of a black cat on the group's blog.

I asked a representative of vx-underground to explain just what ALPHV is, and the tactics they use: such as releasing confidential information in public.

"ALPHV is a double extortion group," the rep writes. "They lock the machines to disrupt operations and also exfiltrate data—the goal is to apply pressure to force [the victim] to pay. So, regardless if they can resume operations they do not want company secrets exposed.

"Embarrassment is only a small piece of the puzzle. Sure, it is bad publicity to see a Russian cyber cartel openly disclose a breach—but knowing [that it can also leak] sensitive financial data (or proprietary data) is far worse."

ALPHV is also a seriously active and going concern. PC Gamer is covering this because Bandai Namco is an enormous games publisher, but plenty of the group's targets never make the headlines. "Some mainstream media outlets cover ransomware activity," writes the vx-underground rep. "I know CNN, MSNBC, and others do for their 'cyber crime' and tech sections. However, they usually look for things geopolitical focused, 'cyber war', or sometimes things like scamming home users or something... Many people in the world [would] not be as focused on Bandai Namco... That is not their demographic."

ALPHV is bad news for its victims. It has previously boasted of wanting to create a "ransomware metaverse" to The Record, and is sold on underground markets (per Hacker News) as "the next generation of ransomware." The latest tactic is publishing victims' information to the clear web, so that it gets indexed by search engines, and threatening more unless multi-million payments are made.

I asked how active the hacker ALPHV group is outside of incidents like this that make headlines.

"From the best of my knowledge ALPHV has approx 25 hackers as 'employees' and is constantly breaching companies. They are ALWAYS ransoming... So... Ya lol."