Cyber Attack Found At Gaming Company Capcom
Are you a gamer? Are you a fan of Resident Evil, Devil May Cry, Mega Man, Monster Hunter or Street Fighter? All of those games have something in common. All were developed by Capcom, a Japanese development company with offices in Japan, the US, and Canada.
Unfortunately, according to a recent disclosure, Capcom is the latest company to fall victim to a nasty ransomware attack.
The company’s disclosure reads in part as follows:
“Beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers. The company has confirmed that this was due to unauthorized access carried out by a third party, and that it has halted some operations of its internal networks as of November 2.”
The initial disclosure did not reveal the exact nature of the attack. Subsequently, it has come to light that Capcom fell victim to a Ragnar Locker ransomware attack and the hackers responsible have apparently exfiltrated more than a terrabyte’s worth of sensitive and proprietary information. Worse, they are demanding a staggering eleven million dollar ransom, to be paid in Bitcoin.
The ransom note included a link to a password protected web page containing a 24MB sample archive displaying a small fraction of the data the hackers were able to make off with. The data includes revenue forecasts, salary spreadsheets, NDAs, immigration forms, corporate communications, royalty reports, and more.
At the time this article was written, there is no indication as to if or how Capcom plans to respond to the ransom demand. Although it should be noted that hackers are notorious for promising to delete all stolen data once the ransom has been paid, and then putting the information up for sale on the Dark Web anyway, which puts Capcom in a tricky position indeed.
In any event, there’s nothing for you to do in this case. The stolen information does not appear to include customer payment card information, but if you’ve made purchases on the company’s website, it pays to keep a close watch on the payment card you used, out of an abundance of caution.