Video game giant Capcom has confirmed that it has been hit by a ransomware attack that affected access to certain systems – including email and file servers – and encrypted 1 terabyte (TB) of sensitive data.
The Japanese video game developer and publisher has developed a number of multi-million selling game franchises – including Resident Evil, Street Fighter and Darkstalkers. The company first detected the cyberattack on Nov. 2; it confirmed the hack was due to unauthorized access carried out by a third party, and halted some operations of its internal networks later in the day.
More recently, on Nov. 19, Capcom said in a new update that additional personal and corporate information may have been compromised in this attack – including personal data of former employees, shareholders, store member, website member and more.
“Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders,” the company said in a Wednesday advisory on its website. “Further, it stated that at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company’s games online or access to its various websites.”
Currently, the company is consulting with law enforcement and taking measures to restore its systems. There are no further details on how the attack began at this time.
According to Bleeping Computer, the Ragnar Locker ransomware was used in the cyberattack. The Ragnar Locker ransomware is a novel strain known to distribute ransomware payloads via virtual machines. The attackers behind the Ragnar Locker ransomware in particular are known for stealing data before encrypting networks, as was the case in April, in an attack on the North American network of Energias de Portugal (EDP). The cyberattackers claimed to have stolen 10 TB of sensitive company data, and demanded a payment of 1,580 Bitcoin (approximately $11 million).
Bleeping Computer was able to access the ransom note that was on Capcom’s computers during the attack. The note claims that the ransomware gang has downloaded more than 1TB of company data – including banking statements and financial files, Intellectual Property, corporate agreements and contracts, non-disclosure agreements and private corporate correspondence (such as emails, marketing presentations, audit reports). The note also contains a link to a private data leak page on the ransomware’s website, as well as a link to the Ragnar Locker Tor negotiation site, according to Bleeping Computer.
“According to reports, ransomware operators leveraging the Ragnar Locker ransomware variant are responsible for the attack; however, Capcom has not directly confirmed this,” Jamie Hart, Cyber Threat Intelligence Analyst at Digital Shadows, told Threatpost. “Threat actors may target companies within the video game industry due to the potential for a high payout.”
The attack is not the first time threat actors have been observed targeting video game development organizations, said Hart. For instance, the operators of the Egregor ransomware targeted game developers Ubisoft and Crytek in October. Additionally, the operators of the Sodinokibi (REvil) ransomware have reportedly promised an attack targeting a very large video game developer in the future.
This article was updated on Nov. 19 at 10 am with further information about the attack.