Capcom – the Japanese game developer of popular titles such as Mega Man, Street Fighter, Resident Evil, Monster Hunter, and Devil May Cry – is facing its greatest threat yet. But instead of zombies and fireball-tossing martial artists, the company now has to contend with a crippling ransomware attack.
The company announced that it had been hit with a cyberattack on November 02, 2020. The cyber incident led to the suspension of parts of its corporate network in an attempt to halt the spread of the malware.
"Beginning in the early morning hours of November 02, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers,” a statement from Capcom read. “The company has confirmed that this was due to unauthorised access carried out by a third party, and that it has halted some operations of its internal networks as of November 02."
BleepingComputer reported that since the attack, Capcom has been displaying notices on its website notifying visitors that emails and document requests will not be answered because the cyber incident affected its email systems.
Although Capcom did not disclose any details about the cyber incident, security researcher Pancak3 managed to obtain a sample of the ransomware, which determined that the malware used was Ragnar Locker.
BleepingComputer ran the Ragnar Locker sample and managed to obtain a copy of the ransom note sent to Capcom during the attack. On the note, the attackers responsible for the malware have claimed that they stole 1TB of unencrypted files from Capcom’s corporate networks in Japan, the US, and Canada.
To serve as proof of the data theft, the attackers attached seven print URLs to the ransom note that display screenshots of stolen files. The culprits also attached a link to the note which redirects to a private data leak page on Ragnar Locker's website containing additional stolen documents.
Pancak3 told BleepingComputer that Ragnar Locker claims to have encrypted 2,000 devices on Capcom's networks, and that the attackers are demanding $11,000,000 in bitcoins in exchange for an offer to decrypt the company’s locked files. To facilitate negotiations, the attackers even included another link on their ransom note, directing Capcom to a Tor chat page where the company can discuss with the hackers.