Elden Ring Publisher Bandai Namco Falls Prey To BlackCat Ransomware Attack

elden ring publisher blackcat ransomware attack news
We cover both ransomware and Elden Ring fairly regularly here at HotHardware, but it’s a sad day when those two things meet. The ransomware attacks that often receive the most coverage are those that disrupt major supply lines and infrastructure, raising national security concerns. However, ransomware gangs carry out many other ransomware attacks that don’t cause the same level of social disruption as attacks on major infrastructure, but are nonetheless disruptive to the operations of their victims and stand as a cause for concern.

On Monday, the BlackCat/ALPHV ransomware group, which is thought to be a rebrand version of the BlackMatter/DarkSide group that carried out the majorly disruptive Colonial Pipeline attack, published a notice to its dedicated leak site (DLS) naming Bandai Namco as a recent victim of its ransomware. Two days later, the company provided a statement to VGC confirming the attack.

elden ring publisher blackcat ransomware attack dls news
BlackCat/ALPHV dedicated leak site listing Bandai Namco as a victim

Bandai Namco is the Japan’s third largest video game company in terms of both revenue and market capitalization and is the publisher of big-name titles such as Pac-Man, Tekken, Darksouls, and FromSoftware’s most recent game, Elden Ring. Neither Bandai Namco nor ALPHV have provided many details about the attack and the data involved. Ransomware gang’s sometimes publish a sample dataset or a view of the file tree, but the ALPHV website simply states, “Data soon.” The only information we can glean from this message is that the ransomware gang may intend to conduct double extortion by threatening to publicly release stolen data in addition to having encrypted some of Bandai Namco’s computer systems.

However, it isn’t entirely clear that ALPHV even has encrypted any of the game company’s files. Sometimes ransomware gangs choose to simply exfiltrate data and threaten to publish it, skipping over the data encryption step, and Bandai Namco’s statement makes no explicit reference to ransomware or disruption caused by encryption of its computer systems. The company’s statement instead refers to the incident as a case of unauthorized access, but makes clear that an investigation is ongoing, so further details may be forthcoming. For now, Bandai Namco customers should know that some customer information may have been caught up in the breach.

The following is the full statement Bandai Namco povided to VGC: “After we confirmed the unauthorized access, we have taken measures such as blocking access to the servers to prevent the damage from spreading. In addition, there is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about existence of leakage, scope of the damage, and investigating the cause. We will continue to investigate the cause of this incident and will disclose the investigation results as appropriate. We will also work with external organizations to strengthen security throughout the Group and take measures to prevent recurrence. We offer our sincerest apologies to everyone involved for any complications or concerns caused by this incident.