Elden Ring publisher hit by ransomware attack
BlackCat has allegedly encrypted Namco Bandai’s database
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
The BlackCat ransomware group, also known as ALPHV, claims to have breached the systems of Namco Bandai, the Japanese video game publisher behind AAA titles such asElden RingandDark Souls.
The news was also first broken by Vx-underground, and later reported by twomalware-watching groups. BlackCat is one of the world’s most popular ransomware strains, even grabbing the attention of the Federal Breau of Investigation (FBI).
However Namco Bandai is currently keeping silent on the matter, making it hard to confirm the authenticity of these claims.
At the FBI’s crosshairs
In April 2022, the FBI issued a warning that BlackCat’s “virulent new ransomware” strain infected at least 60 different organizations in two months’ time. Back then, the FBI described BlackCat as “ransomware-as-a-service”, and said its malware was written in Rust.
While most ransomware strains get written in either C, or C++, the FBI argues that Rust is a “more secure programming language that offers improved performance and reliable concurrent processing.”
BlackCat usually demands payment in Bitcoin and Monero in exchange for the decryption key, and although the demands are usually “in the millions”, has often accepted payments below the initial demand, the FBI says.
Allegedly, the group is strongly tied to Darkside and has “extensive networks and experience” in operating malware andransomwareattacks.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After achieving initial access to the target endpoints, the group will proceed to compromise Active Directory user and admin accounts and use the Windows Task Scheduler to configure malicious Group Policy Objects (GPOs), to deploy the ransomware.
FBI sounds the alarm over virulent new ransomware strain>Microsoft Exchange servers are being hacked to deploy ransomware>Keep your endpoints safe with the best antivirus software out there
Initial deployment uses PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim’s network.
After downloading and locking down as much data as possible, the group will seek to deploy ransomware onto additional hosts.
The FBI recommends reviewing domain controllers, servers, workstations, and active directories for new or unrecognized user accounts; regularly backing up data, reviewing Task Scheduler for unrecognized scheduled tasks, and requiring admin credentials for any software installation processes, as mitigation measures.
BlackCat has also recently joined Conti’s decentralized network of threat actors, and has successfully breachedMicrosoftExchange servers, on a number of occasions, to deploy ransomware.
Via:PCGamer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
HPE reveals critical security bug affecting networking access points
A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now
Google Gemini is set to finally reach its full potential – and take over from Google Assistant – thanks to a major upgrade
