Bandai Namco reportedly hacked by ransomware group

Gwyn
(Image credit: Bandai Namco / FromSoftware)

Update 13 July 2022: Bandai Namco has confirmed that it was hacked. Original story follows.

The Japanese videogame giant Bandai Namco has reportedly become the victim of a ransomware attack by a group that style themselves ALPHV, but is also known by the name BlackCat. The news has been reported by two malware-watching groups, and was first announced by Vx-underground alongside an image from ALPHV's darkweb blog claiming the attack (thanks, Kotaku).

Bandai Namco has not responded to a request for comment. Until the publisher acknowledges the hack or other sources emerge, the story remains unconfirmed. I also contacted the two malware-watching organisations who initially reported the hack, and will update with any additional information.

The group that has apparently targeted Bandai Namco has been known for a while, and some malware researchers believe the contemporary ALPHV is linked to earlier ransomware such as BlackMatter or Noberus. The BlackCat moniker comes from an image of a black cat on the blog that shows the group's victims.

What we can say is that an attack by ALPHV is seriously bad news for its victim. The group is an FBI target and previously boasted of wanting to create a "ransomware metaverse" to The Record. If you wonder what that nightmare phrase might mean, imagine kidnappers-for-hire at the highest of prices. From December 4 2021 BlackCat has been advertised on Russian-language underground markets, per Hacker News, and calls itself "the next generation of ransomware."

"Without exaggeration, we believe that at the moment, there is no competitive software on the market," said an ALPHV representative in February. "In addition to high-quality software, for advanced partners, we provide the full range of services related to ransom—metaverse or premium concierge—call it whatever you want. We are in a different weight category, so we don’t recognize anyone, and we won’t do TikTok ransomware houses. Separately, we want to thank the media for a detailed and honest review of the malware. The results speak for themselves."

The ALPHV group has also recently began pursuing a new tactic: publishing victims' information to the clear web, so that it gets indexed by search engines and can be seen by the public.

Whatever name this group goes by at a given point in time, it looks like Bandai Namco may be among ALPHV's latest victims. At the time of publishing, the publisher's official accounts have not said in anything in almost a day.

Rich Stanton

Rich is a games journalist with 15 years' experience, beginning his career on Edge magazine before working for a wide range of outlets, including Ars Technica, Eurogamer, GamesRadar+, Gamespot, the Guardian, IGN, the New Statesman, Polygon, and Vice. He was the editor of Kotaku UK, the UK arm of Kotaku, for three years before joining PC Gamer. He is the author of a Brief History of Video Games, a full history of the medium, which the Midwest Book Review described as "[a] must-read for serious minded game historians and curious video game connoisseurs alike."