Game maker Capcom has recently fallen prey to a grave ransomware attack in which the attackers not only blocked most of its servers but also stole sensitive files amounting to 1 terabyte (TB) in total. The attack reportedly took place on November 2 after a suspicious third party gained admin access and disrupted the company’s internal PC network. Luckily, the data breach does not appear to have impacted Capcom’s customer base, nor has it hindered their online gaming experience, company officials said shortly after the incident.
The Attack Utilized the Ragnar Locker Ransomware
Although the developer of the popular Resident Evil and Street Fighter game franchises has disclosed no particulars on how the attack unfolded, researchers have identified the Ragnar Locker ransomware as the tool used in it. Ragnar Locker is a relatively new ransomware strain which exploits security flaws in virtual machines to harvest network data before encrypting it. In Capcom’s case, the actors behind Ragnar Locker claim to have obtained more than 1 TB worth of corporate files, including email correspondence, business agreements, and financial documents. The crooks demand that Capcom contact them via live chat to strike a deal about the decryption key. The ransom note (see below) does not stipulate the exact ransom amount. However, if the April 2020 Ragnar Locker attack against Energias de Portugal's North American division is anything to go by, an educated guess of roughly $1 million per terabyte of stolen data would hardly be far from the truth.
Here’s the text of the ransom note:
If you reading this message, it means your network was PENETRATED and all of your files and data has been ENCRYPTED by RAGNAR LOCKER!
*YOU HAVE TO CONTACT US via LIVE CHAT IMMEDIATELY TO RESOLVE THIS CASE AND MAKE A DEAL*
(contact information you will find at the bottom of this notes)
!!!!! WARNING !!!!!
DO NOT modify, rename, copy, or move any files or you can DAMAGE them and decryption will be impossible.
DO NOT Use any third-party or public Decryption software, it also may DAMAGE files.
DO NOT Shutdown or RESET your system, it can DAMAGE files
There is ONLY ONE possible way to get back your files – contact us via LIVE CHAT and pay for the special DECRYPTION KEY !
For your GUARANTEE we will decrypt 2 of your files FOR FREE, to show that it works.
Don’t waste your TIME. The link for contact us will be deleted if there is no contact made in the closest time and you will NEVER restore your DATA.
!!! HOWEVER if you will contact us within 2 day since get penetrated – you can get a very SPECIAL PRICE.
! Whole your International Corporate Network was fully COMPROMISED !
We have BREACHED your security perimeter and get access to every server of company's Network in different offices located in Japan, USA, Canada.
So we has DOWNLOADED more than 1TB total volume of your PRIVATE SENSITIVE Data, including:
-Accounting files, Banking Statements, Budget and Revenue files classified as Confidential, Tax Documents
-Intellectual Property, Proprietary Business information, Clients and Employees Personal information (Such as Passports and Visa), Incidents Acts
-Corporate Agreements and Contracts, Non-Disclosure Agreements, Confidential Agreements, Sales Summaries
-Also we have your Private Corporate Correspondence, Emails and Messanger Conversations, Marketing presentations, Audit reports and a lot of other Sensitive Information
If NO Deal made than all your Data will be Published and/or Sold through an auction to any third-parties
Not the First Game Developer to Suffer a Ransomware Attack
The lucrative gaming business is a magnet for malware actors hoping to get high return rates on their malicious 'investments'. While this may be the first time Capcom has incurred a breach, chances are it will hardly be the last. Moreover, rivals are not immune, either. Last month, we witnessed the Egregor ransomware attack against other gaming vendors such as Crytek and Ubisoft. Based on the facts they’ve gathered, researchers expect to see more ransomware instances in the gaming industry as the global pandemic unfolds.