• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Capcom hit by ransomware attack, is reportedly being extorted for $11 million

IbizaPocholo

NeoGAFs Kent Brockman

Earlier this week it emerged that third-party giant Capcom's internal systems had been hacked, though the company claimed that no customer data was affected. It has now emerged that the publisher was targeted by the Ragnar Locker ransomware, software designed to exfiltrate information from internal networks before encrypting the lot: at which point the victim is locked-out, contacted, and extorted.

Bleeping Computer broke the story, and managed to access the Ragnar Locker sample (a 'proof' provided to the victim by the hackers), which contains the ransom note allegedly delivered to Capcom. It reads as follows.

"We have BREACHED your security perimeter and get access to every server of company's Network in different offices located in Japan, USA, Canada.

"So we has DOWNLOADED more than 1TB total volume of your PRIVATE SENSITIVE Data, including:

"-Accounting files, Banking Statements, Budget and Revenue files classified as Confidential, Tax Documents

"-Intellectual Property, Proprietary Business information, Clients and Employees Personal information (Such as Passports and Visa), Incidents Acts

"-Corporate Agreements and Contracts, Non-Disclosure Agreements, Confidential Agreements, Sales Summaries

"-Also we have your Private Corporate Correspondence, Emails and Messanger Conversations, Marketing presentations, Audit reports and a lot of other Sensitive Information

"If NO Deal made than all your Data will be Published and/or Sold through an auction to any third-parties."


According to malware researcher Pancak3, the hackers are demanding $11 milllion in bitcoin for a decryptor key. Such a sum roughly equates to another big Ragnar Locker hack announced yesterday, of the drinks maker Campari, where as ZDNet reports the demand is around $15 million.

The independent MalwareHunterTeam also confirmed that Ragnar Locker is behind the Capcom hack, while adding that both hacks had the same digital signature.
 
This happened to Garmin a few month ago. Their whole system went offline. (Garmin do fitness GPS stuff n stuff) It was offline for about 3 weeks until what looked like they paid for the key. Sure that was 11mill too. They got all their shit back and online. Crazy times.
 

Northeastmonk

Gold Member
If they knew anything about cyber crime then they’d have to have backups. I just hope whoever does their backups were checking in on them and they weren’t failing for months/years.

I wonder if it was from an employee clicking an email or a bad link? What kind of antivirus software do they use? Even when your network is protected, it most of the time comes down to someone who clicks on something without first considering what it is.
 
Last edited:

acm2000

Member
Question is, would it be cheaper for them to just bid in the auction than to pay the ransom?
 
Last edited:
F

Foamy

Unconfirmed Member
Eleven million is a bit of an odd number.
Maybe they wanted ten million but had to ask for that extra 10% to cover agent fees.
 

Northeastmonk

Gold Member
An update to the cyber attack. It was a backup VPN they were using.
As for how the attack happened, Capcom explained that unauthorised access to the company's internal network was acquired in October 2020 through an old backup VPN at Capcom USA. It seems Covid-19 had a hand in creating conditions for the attack to be successful, as although Capcom had already started switching to newer VPN devices, the growing strain on the company's network due to working from home meant the older VPN was kept as "an emergency backup in case of communication issues". This VPN became the target of the cyber attack, and through this the attackers were able to compromise devices at Capcom's US and Japanese offices, leading to the theft of information.
spooder.png

In the meantime, don't trust any early access invitations for Resident Evil Village, as Capcom has warned these are part of a phishing scam.

 
Top Bottom