Bandai Namco, the Japanese publisher behind the Ace Combat, Dragon Ball Z, and Dark Souls games, appears to be the latest major gaming company to suffer a major hack. The ransomware group BlackCat added the Elden Ring publisher to its list of victims earlier today, though it’s not yet clear the extent of the damage or how much money the group is demanding.
“ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) claims to have ransomed Bandai Namco,” vx-underground, a group that monitors malware source code on the web, posted on Twitter Monday. Attached was a screenshot of the ALPHV ransomware blog where the group tracks its targets, with Bandai Namco listed under the threat of “data soon” as of July 11.
Bandai Namco did not immediately respond to a request for comment. Vx-underground has previously reported on other hacks, including the infamous Lapsu$ one, before the companies themselves have confirmed them. The ransomware watch group DarkFeed also shared a screenshot of BlackCat’s claimed hack earlier today. Vx-underground and DarkFeed didn’t immediately respond to a request for comment either.
BlackCat, members of which were believed to also be involved in the Colonial Pipeline hack last year, have been ramping up ransomware attacks, according to some computer security analysts as well as the FBI. Most recently, the hacks have resulted in BlackCat posting private employee data online if the victims refuse to pay up. In the past, the group has demanded millions, and targeted school districts and other public entities in addition to for-profit companies.
If legitimate, this would be just the latest in a longline of recent hacks at major gaming companies. Capcom was hit in late 2020, with several of its upcoming unannounced releases like Dragon’s Dogma 2 leaking at the time. A now famous hack of graphics chip manufacturer Nvidia ended up leaking tons of other big gaming projects like Kingdom Hearts 4. CD Projekt Red, the Polish studio behind The Witcher 3 and Cyberpunk 2077, had employee data and the source code for one of its games stolen in early 2021. Even FIFA publisher Electronic Arts was hit, with the alleged perpetrators trying to get media outlet Vice to blackmail the company on its behalf.
It’s unclear how much of the seeming uptick in security breaches is due to new techniques deployed by hackers vs. the greater challenges companies faced when moving to working from home during the global pandemic. Capcom blamed part of its vulnerability on remote work. At the same time, the blockchain network hosting crypto gaming juggernaut Axie Infinity suffered one of the most expensive hacks in history earlier this year, reportedly all because an employee fell for an elaborate phishing scheme.
Earlier this year, Bandai Namco took the servers for Dark Souls I, II, and III offline after a dangerous remote code execution (RCE) exploit was discovered.
