The attacker behind the Bandai Namco security breach is a well-known name. According to the FBI, the BlackCat/ALPHV group has so far been documented as the perpetrator of attacks on 60 entities across the globe. It is also the first known ransomware group to use the Rust programming language for launching cyberattacks. Renowned malware researcher Michael Gillespie described the group’s eponymous attack vector as “very sophisticated ransomware.”
Known to collect its ransom bounty in the form of Bitcoin and Monero crypto coins, the group is also linked to the famous Colonial Pipeline hack. In May 2022, the group launched an attack on the Austrian federal state of Carinthia, disrupting multiple critical government services linked to traffic management, passport generation, and more (via Euractiv). The group demanded $5 million in ransom to unlock the affected computer network.
In June, the ALPHV/BlackCat ransomware group adopted a new strategy that involved publicly sharing the stolen data in order to force the victim into paying the ransom, according to KrebsOnSecurity. While a majority of ransomware groups publish the leaked data on the dark net, which can only be accessed via Tor services, ALPHV/BlackCat put their haul on the World Wide Web, which means it was available for anyone to see, increasing the pressure on victims.