Earlier this month, the Japanese gaming firm Capcom suffered a cybersecurity incident reports hinted towards a ransomware attack. After two weeks, Capcom has confirmed that the culprit was from Ragnar Locker ransomware via a rogue update.
Capcom Ransomware Attack Update
On November 4, 2020, the Japanese gaming giant Capcom disclosed network issues that have affected the firm since November 2, 2020. The firm highlighted some unauthorized access to the network that led to disruption.
At that time, while the reports were out for a possible ransomware attack on Capcom, the firm didn’t explicitly mention any such thing. However, sources revealed that Capcom possibly suffered a Ragnar Locker ransomware attack.
As per initial details, the attackers managed to pilfer about 1TB of data that also included some sensitive information. The attackers put up a demand for $11,000,000 in BTC as ransom.
Recently, after two weeks from the time of the cyberattack, Capcom has confirmed the Ragnar Locker ransomware attack in an update.
The firm has come up with many details regarding the data compromised in the attack. This information includes personal information of former and current employees, sales reports, and financial data.
Whereas, they also mentioned some “potentially compromised” data that include personal information of customers, human resource data, and sensitive corporate documents such as business partner information, sales data, sales documents, and development documents.
Moreover, for the personal data compromise, the data shows the maximum impact of the incident on the Japan customer support help desk that potentially leaked names, email addresses, phone numbers, and addresses (134,000 items).
Whereas the least impact seems to be on the North America Esports operations website members (4000 items), leaking the names, email addresses, and dates of birth.
Though, regarding this data, Capcom stated,
Because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time.
No Ransom Seemingly Paid
According to the update, Capcom reported the matter to the Osaka Prefectural Police after ascertaining the ransomware attack.
Moreover, they also involved cybersecurity experts for inspection as the firm continued investigating the matter.
Hence, it seems the firm didn’t pay the ransom to the attackers – a much-recommended step by security professionals to discourage ransomware attacks.