• Elden Ring publisher hit by ransomware attack

    From TechnologyDaily@1337:1/100 to All on Wed Jul 13 16:30:04 2022
    Elden Ring publisher hit by ransomware attack

    Date:
    Wed, 13 Jul 2022 15:02:42 +0000

    Description:
    Namco Bandai is yet to confirm claims of an attack by BlackCat ransomware.

    FULL STORY ======================================================================

    The BlackCat ransomware group, also known as ALPHV, claims to have breached the systems of Namco Bandai, the Japanese video game publisher behind AAA titles such as Elden Ring and Dark Souls.

    The news was first broken by Vx-underground, and later reported by two malware-watching groups. BlackCat is one of the world's most popular ransomware strains, even grabbing the attention of the Federal Bureau of Investigation (FBI).

    However, Namco Bandai is currently keeping silent on the matter, making it hard to confirm the authenticity of these claims.

    At the FBI's crosshairs

    In April 2022, the FBI issued a warning that BlackCat's virulent new ransomware strain infected at least 60 different organizations in two months' time. Back then, the FBI described BlackCat as ransomware-as-a-service, and said its malware was written in Rust.

    While most ransomware strains get written in either C or C++, the FBI argues that Rust is a more secure programming language that offers improved performance and reliable concurrent processing.

    BlackCat usually demands payment in Bitcoin and Monero in exchange for the decryption key, and although the demands are usually in the millions, it has often accepted payments below the initial demand, the FBI says.

    Allegedly, the group is strongly tied to Darkside and has extensive networks and experience in operating malware and ransomware attacks.

    After achieving initial access to the target endpoints, the group will proceed to compromise Active Directory user and admin accounts and use the Windows Task Scheduler to configure malicious Group Policy Objects (GPOs), to deploy the ransomware.

    Initial deployment uses PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim's network.

    After downloading and locking down as much data as possible, the group will seek to deploy ransomware onto additional hosts.

    As mitigation measures, the FBI recommends reviewing domain controllers, servers, workstations, and active directories for new or unrecognized user accounts; regularly backing up data; reviewing Task Scheduler for unrecognized scheduled tasks; and requiring admin credentials for any software installation processes.
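
    One way to carry out the Task Scheduler and account review the FBI recommends, as an added example that is not from the article or the FBI advisory: a PowerShell baseline-and-diff of scheduled tasks, plus a listing of recently created Active Directory accounts. The baseline path and the 30-day window are assumptions, and the account query assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example, not from the article or the FBI advisory.
# Assumptions: elevated Windows PowerShell 5.1+, hypothetical baseline path,
# 30-day review window, RSAT ActiveDirectory module for the account query.
$BaselinePath = 'C:\SecAudit\task-baseline.csv'
$RecentDays   = 30

# Snapshot each scheduled task: full path, run-as account, command line(s).
$current = Get-ScheduledTask | ForEach-Object {
    $task = $_
    [pscustomobject]@{
        Task   = $task.TaskPath + $task.TaskName
        RunAs  = [string]$task.Principal.UserId
        Action = ($task.Actions | ForEach-Object {
                     "$($_.Execute) $($_.Arguments)".Trim()
                 }) -join ' | '
    }
}

if (-not (Test-Path $BaselinePath)) {
    # First run on a known-good host: record the baseline and stop.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline saved to $BaselinePath"
    return
}

# Later runs: report tasks that are new, or whose account or command changed.
$baseline = Import-Csv -Path $BaselinePath
Compare-Object $baseline $current -Property Task, RunAs, Action |
    Where-Object SideIndicator -eq '=>' |
    Select-Object Task, RunAs, Action |
    Format-Table -AutoSize -Wrap

# Accounts created inside the review window, newest first. adminCount = 1
# marks accounts that are (or were) members of protected admin groups.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    $cutoff = (Get-Date).AddDays(-$RecentDays)
    Get-ADUser -Filter 'whenCreated -ge $cutoff' -Properties whenCreated, adminCount |
        Sort-Object whenCreated -Descending |
        Select-Object SamAccountName, Enabled, whenCreated, adminCount
} else {
    Write-Warning 'ActiveDirectory module not found; skipping account review.'
}
```

    A task or account listed by this script only differs from the baseline or falls inside the window; each entry still has to be matched against change records before it is treated as unrecognized.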

    BlackCat has also recently joined Conti's decentralized network of threat actors, and has successfully breached Microsoft Exchange servers on a number of occasions to deploy ransomware.

    Via: PCGamer



    ======================================================================
    Link to news story: https://www.techradar.com/news/elden-ring-publisher-hit-by-ransomware-attack/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)