Video game giant Capcom has reportedly been hit by a ransomware attack that affected access to certain systems – including email and file servers – and encrypted 1 terabyte (TB) of sensitive data.
The Japanese video game developer and publisher has developed a number of multi-million selling game franchises – including Resident Evil, Street Fighter and Darkstalkers. The company first detected the cyberattack on Monday morning; it confirmed the hack was due to unauthorized access carried out by a third party, and halted some operations of its internal networks later in the day.
“Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders,” the company said in a Wednesday advisory on its website. “Further, it stated that at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company’s games online or access to its various websites.”
Currently, the company is consulting with law enforcement and taking measures to restore its systems. There are no further details on how the attack began at this time; Threatpost has reached out to Capcom for further comment.
According to Bleeping Computer, the Ragnar Locker ransomware was used in the cyberattack. The Ragnar Locker ransomware is a novel strain known to distribute ransomware payloads via virtual machines. The attackers behind the Ragnar Locker ransomware in particular are known for stealing data before encrypting networks, as was the case in April, in an attack on the North American network of Energias de Portugal (EDP). The cyberattackers claimed to have stolen 10 TB of sensitive company data, and demanded a payment of 1,580 Bitcoin (approximately $11 million).
Bleeping Computer was able to access the ransom note that was on Capcom’s computers during the attack. The note claims that the ransomware gang has downloaded more than 1TB of company data – including banking statements and financial files, Intellectual Property, corporate agreements and contracts, non-disclosure agreements and private corporate correspondence (such as emails, marketing presentations, audit reports). The note also contains a link to a private data leak page on the ransomware’s website, as well as a link to the Ragnar Locker Tor negotiation site, according to Bleeping Computer.
“According to reports, ransomware operators leveraging the Ragnar Locker ransomware variant are responsible for the attack; however, Capcom has not directly confirmed this,” Jamie Hart, Cyber Threat Intelligence Analyst at Digital Shadows, told Threatpost. “Threat actors may target companies within the video game industry due to the potential for a high payout.”
The attack is not the first time threat actors have been observed targeting video game development organizations, said Hart. For instance, the operators of the Egregor ransomware targeted game developers Ubisoft and Crytek in October. Additionally, the operators of the Sodinokibi (REvil) ransomware have reportedly promised an attack targeting a very large video game developer in the future.
Ransomware attacks as a whole have spiked during the pandemic so far in 2020; with cybercriminals targeting everything from hospitals to local counties during the U.S. Election to universities.
Hackers Put Bullseye on Healthcare: On Nov. 18 at 2 p.m. EDT find out why hospitals are getting hammered by ransomware attacks in 2020. Save your spot for this FREE webinar on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this LIVE, limited-engagement webinar.