Prominent game developer Capcom has recently reported that it was the victim of a ransomware attack. According to its published incident report and initial findings, the attack happened on the morning of November 2, 2020, when the company ran into a connectivity issue that resulted in some data on its server being destroyed and encrypted; it later received a ransom note from the adversary. Capcom immediately shut down its network and reported the issue to the local authorities in Japan for proper incident handling.
The initial investigation and the official statement posted on November 6 said that the company had found no evidence that important and sensitive data had been stolen. However, the updated incident report it recently released confirmed that the personal information of 9 internal employees and approximately 350,000 users and business partners may have been compromised. Evidence shows that this information was posted in a 4chan post, which is currently locked, since Capcom did not pay the ransom. Names, addresses, contact numbers, genders, and dates of birth are among the sensitive information exfiltrated by the adversary. Fortunately, no financial or credit card information was stolen in the attack, because this information is handled by a third-party company.
The report confirmed that the ransomware used in the attack was Ragnar Locker, a new malware family discovered in December 2019. As observed, this malware only affects devices running the Windows operating system. The attackers infect the targeted system through known Microsoft vulnerabilities, phishing, and business email compromise (BEC). Once initial access has been established, they exfiltrate data first and then move on to encryption. Lastly, the ransomware’s deployment is hardcoded. The ransom notes include details of the ransom demanded and the perpetrator’s bitcoin account for the fund transfer. Unfortunately, to date, the actors behind Ragnar Locker are still unknown, including any suspected affiliations.
Capcom has already reached out to the affected employees, customers, and business partners and is further assessing the extent of the breach. It is in continuous communication with local authorities, entities in the US, and international GDPR authorities, in compliance with existing international rules on data privacy.
Capcom has also hired external security experts to thoroughly investigate the issue and further strengthen its network against future intrusion.
As part of the company's commitment to transparency, further updates and an official statement will be published as soon as they are available, until the investigation concludes.
Capcom assures users that it has already secured its network and that it is now safe to play its games online and access its websites.