Capcom Latest Multinational To Be Hit By Disruptive Cyber-Attack

Japanese game maker Capcom has been hit by a security breach that has disrupted its internal systems.

Industry watchers said the attack may also have led to the theft of sensitive corporate data, with Capcom reportedly having been targeted by the Ragnar Locker ransomware group.

Capcom produces some of the gaming industry’s best known titles, including Resident Evil and Street Fighter.

The company said it became aware of the attack on Monday, 2 November, when it began experiencing disruption to internal systems including email and file servers.

Disruption

“Beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers,” the company said in an official statement.

It said it had confirmed the disruption was due to “unauthorised access carried out by a third party”.

Capcom said it disabled portions of its network to halt the attack’s progress.

At the end of the week the company said it was continuing to experience email and web form communications issues due to the attack’s effects on its servers.

Capcom also said it was temporarily unable to respond to document requests.

The company said there was no indication “at present” that customer information had been stolen, and said online gameplay was not affected.

The game maker added that it is carrying out an investigation with law enforcement, while taking measures to restore its systems.

Ragnar Locker

Several security researchers said the attack was the work of the Ragnar Locker ransomware gang.

In a ransom note published by Bleeping Computer, the gang claimed to have stolen 1TB of unencrypted internal data from servers in Canada, Japan and the US, and said it would release or sell the data if Capcom did not pay a ransom.

The ransom note was reportedly accompanied by screenshots of files including employee termination agreements, Japanese passports, bank and contractor statements and Active Directory users.

The note linked to a 24MB archive with further documents including NDAs, salary spreadsheets, corporate communications and royalty reports.

The data in the report was taken from a ransomware sample recovered by researcher Pancak3, who confirmed the involvement of Ragnar Locker via Twitter.

According to Pancak3, the gang claims to have encrypted 2,000 devices on Capcom’s networks and is demanding $11 million (£8.3m) in Bitcoin to decrypt them.

Data theft

In the ransom note, Ragnar Locker claims it will delete the stolen data on payment of a ransom. However, law enforcement authorities advise organisations not to pay such ransoms as there is no guarantee the criminals will hold to their word.

This year Ragnar Locker has carried out major hacks on Portuguese energy giant Energias de Portugal (EDP), demanding a $10.9m ransom, and French logistics company CMA CGM, which led to significant disruption of the company’s operations.

Researchers have noted an increasing trend toward combining ransomware attacks with the theft of sensitive corporate documents.

In April the DoppelPaymer gang released documents stolen from contractors to SpaceX, Tesla, Boeing, Lockheed-Martin and the US Navy after their targets refused to pay ransoms.