It would appear that Bandai Namco has succumbed to ransomware. The company responsible for publishing some of gaming’s largest titles has allegedly been ransomed by ALPHV, a group known for ransomware-as-a-service and data breach attacks.
Initially reported on by VentureBeat on July 11, 2022, a ransomware group known as ALPHV is claiming to have successfully ransomed Bandai Namco. The company is responsible for publishing a wealth of video game franchises, including the critically acclaimed Dark Souls series, Soulcaliber, and Ace Combat.
The news of this ransomware attack comes via the vx-underground Twitter account. This account monitors for companies affected by ransomware while also providing “malware source code, samples, and papers” according to its bio. The tweet, seen below, includes a screenshot of the ALPHV blog that suggests Bandai Namco data will be available soon.
ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) claims to have ransomed Bandai Namco.— vx-underground (@vxunderground) July 11, 2022
Bandai Namco is an international video game publisher. Bandai Namco video game franchises include Ace Combat, Dark Souls, Dragon Ball*, Soulcaliber, and more. pic.twitter.com/hxZ6N2kSxl
ALPHV, also known as BlackCat, is a ransomware-as-a-service group. Unlike other ransomware leak sites which operate on the dark web, TechTarget states that ALPHV is a clearnet site that can be accessed without a Tor browser. Though more accessible for customers, it likely makes it far more visible to law enforcement.
Recently, Samsung and NVIDIA suffered data breaches, including Samsung Galaxy mobile devices source code and company data. In the case of Bandai Namco, the information that was stolen may not be related to games but could be personal information.
Reports of this nature offer a good reminder to back up your data and employ the best security measures available to you. Keep that important data on hard drives, cloud storage, or whatever other means of preservation there is. Remember to also activate two-factor authentication wherever you can.