Elden Ring publisher attacked by ransomware

The BlackCat ransomware group, also known as ALPHV, claims to have breached the systems of Namco Bandai, the Japanese video game publisher behind AAA titles like Elden Ring and Dark Souls.

The news was first reported by Vx-underground and later by two malware watchdog groups. BlackCat is one of the most widespread ransomware strains in the world, and it has attracted the attention of the Federal Bureau of Investigation (FBI).

However, Namco Bandai is currently keeping quiet on the matter, making it difficult to confirm the authenticity of these claims.

In the sights of the FBI

In April 2022, the FBI issued a warning that BlackCat's "virulent new ransomware" strain had infected at least 60 different organizations in two months. At the time, the FBI described BlackCat as "ransomware-as-a-service" and claimed that its malware was written in Rust.

While most varieties of ransomware are written in C or C++, the FBI says Rust is a "more secure programming language that offers improved performance and reliable concurrent processing."

BlackCat typically requires payment in Bitcoin and Monero in exchange for the decryption key, and while requests are typically "in the millions," it has often accepted payments less than the original request, according to the FBI.

The group apparently has strong ties to Darkside and has "extensive networks and experience" with malware operations and ransomware attacks.

After gaining initial access to the target endpoints, the group compromises Active Directory user and administrator accounts and uses Windows Task Scheduler to configure malicious Group Policy Objects (GPOs) that deploy the ransomware.

The initial deployment uses PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim's network.

After exfiltrating and encrypting as much data as possible, the group looks to deploy the ransomware to additional hosts.

As mitigation measures, the FBI recommends scanning domain controllers, servers, workstations and Active Directory for new or unrecognized user accounts; performing regular data backups; scanning the Task Scheduler for unrecognized scheduled tasks; and requiring administrator credentials for any software installation.
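One way to turn the FBI's recommended checks into a repeatable audit, added here as an example and not code from the article or the FBI advisory. It assumes a domain-joined administrative host with the ScheduledTasks, ActiveDirectory and GroupPolicy modules (RSAT) available; the baseline file path, the lookback window and the privileged-group list are assumptions.

```powershell
# Added example: baseline-diff audit for the FBI's BlackCat mitigations.
# Assumes RSAT modules (ActiveDirectory, GroupPolicy) and ScheduledTasks.
param(
    [string]$BaselinePath = ".\task-baseline.json",  # hypothetical baseline file
    [int]$LookbackDays = 7
)
$since = (Get-Date).AddDays(-$LookbackDays)

# 1. Scheduled tasks: flatten each task's actions and diff against a saved baseline.
$tasks = Get-ScheduledTask | ForEach-Object {
    $action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    [pscustomobject]@{
        Id     = "$($_.TaskPath)$($_.TaskName)"
        Author = $_.Author
        State  = [string]$_.State
        Action = $action
    }
}
if (-not (Test-Path $BaselinePath)) {
    # First run: record the current task set as the baseline and stop.
    $tasks | ConvertTo-Json -Depth 3 | Set-Content $BaselinePath
    Write-Host "Baseline written to $BaselinePath ($($tasks.Count) tasks)."
    return
}
$known    = (Get-Content $BaselinePath -Raw | ConvertFrom-Json).Id
$newTasks = $tasks | Where-Object { $known -notcontains $_.Id }
# Flag new tasks whose action launches a shell or an encoded PowerShell command.
$suspicious = $newTasks | Where-Object {
    $_.Action -match 'powershell|pwsh|-enc|-EncodedCommand|cmd\.exe\s+/c'
}

# 2. Active Directory: accounts created in the window, and any already privileged.
$newUsers   = Get-ADUser -Filter { whenCreated -ge $since } -Properties whenCreated, MemberOf
$privileged = $newUsers | Where-Object {
    $_.MemberOf -match 'CN=(Domain Admins|Enterprise Admins|Administrators),'
}

# 3. Group Policy: GPOs modified in the window (the deployment vector the FBI describes).
$changedGpos = Get-GPO -All | Where-Object { $_.ModificationTime -ge $since }

"Scheduled tasks not in baseline: $($newTasks.Count)"
$newTasks | Format-Table Id, Author, State, Action -AutoSize
"  of which launch a shell or encoded command: $($suspicious.Count)"
"AD users created since $($since.ToShortDateString()): $($newUsers.Count)"
$newUsers | Format-Table SamAccountName, whenCreated -AutoSize
"  of which already in privileged groups: $($privileged.Count)"
"GPOs modified since $($since.ToShortDateString()): $($changedGpos.Count)"
$changedGpos | Format-Table DisplayName, ModificationTime -AutoSize
```

Run it once on a known-clean host to write the baseline, then on a schedule; anything in the "not in baseline" or "privileged" sections warrants a ticket rather than automatic deletion.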

BlackCat also recently joined Conti's decentralized network of malicious actors and successfully breached Microsoft Exchange servers, multiple times, to deploy ransomware.

Via: PCGamer