Earlier this week, it was revealed that the Japanese corporation Capcom suffered from the hacker attack, and the hack affected the game developer’s business operations, including the email system. Now it was revealed that Capcom was attacked by the ransomware Ragnar Locker.
It was officially reported that the attack by unknown hackers took place in the morning of November 2, 2020 and affected some of the Capcom Group networks, which caused problems in the operation of a number of systems.Thus, failures occurred with the already mentioned e-mail and access to file servers, but did not affect the availability of online games and the company’s sites.
As writes Bleeping Computer, with reference to the cybersecurity researcher Pancak3, who discovered a sample of malware, the company was attacked by the ransomware Ragnar Locker. This version of the ransomware allowed experts to gain access to the ransom note.
Hackers write that before encryption began, they stole about 1TB of files from Capcom corporate networks in Japan, USA and Canada. These include: accounting files; bank reports; information on budgets and revenues; files marked as confidential; tax documents; intellectual property; service business information; personal information of customers and employees (for example, data on passports and visas); data on incidents; corporate agreements and contracts; non-disclosure agreements; confidentiality agreements; sales summary.
To the ransom note are attached seven URLs on print[.]sc showing screenshots of the stolen files, including employee layoff documents, Japanese passports, August 2020 Steam sales reports, bank statements, contractor agreements, and also a screenshot of the Active Directory Users and Computers MMC for the Capcom Windows domain.
Also attached to the note is a link to the Ragnar Locker website, where the group publishes the stolen data. It contains a 24MB archive containing additional stolen documents, including income projections, pay tables, nondisclosure agreements, corporate messages, and so on.
According to Pancak3, in total, the hackers have encrypted about 2,000 devices on Capcom’s networks and are now demanding $11,000,000 in bitcoins from the company for data recovery and destruction of stolen information.
As we reported, Ragnar Locker, Maze and LockBit ransomware operators joined forces and formed the so-called. Maze Cartel. However, it is not clear what will happen to the cartel (or at least with its name), since ransomware Maze has ceased its activity.
