Capcom Ransomware Attack Update

In November of 2020, Capcom suffered from a ransomware cyberattack that led to the gaming giant shutting down some of its networks. The Ragnar Locker ransomware destroyed and encrypted data on Capcom’s servers and the unauthorized access resulted in stolen personal information of employees and the company’s video game plans. Ragnar Locker demanded a money ransom for the compromised information. Rather than pay the ransom, Capcom continued to work with law enforcement in Japan and the United States. 

What is Ransomware

Ransomware is a form of malware designed to encrypt the victim’s files. It holds the data hostage while the attacker demands a ransom. Once payment is made, the threat actor will restore access to the encrypted information. CSO Online further explains that users are then “shown instructions for how to pay a fee to get the decryption key.” This is typically in the form of Bitcoin and can range from a few hundred dollars to thousands. 

A common delivery system for ransomware is phishing spam. The victim receives an email attachment that appears to be a trusted file but when it is downloaded and opened, the attackers then have entry to the user’s computer. Some of these files can contain social engineering tools that assist in gaining administrative access and others exploit security holes to infect systems for entry.

Capcom Ransomware Attack Game Leaks

The leak revealed that some of Capcom’s most notable and beloved franchises have remakes currently in development. It was also divulged that sequels for some titles were in the works as the four-year plan was prematurely unveiled by the ransomware attackers.

Here is a list that IGN compiled containing the biggest titles in the purported schedule:

• Resident Evil Outrage - Q4 FY21
• Dragon’s Dogma 2 - Q2 FY22
• Street Fighter 6 - Q3 FY22
• Rockman [Mega Man in North America] Match - Q3 FY22
• Resident Evil 4 Remake - Q4 FY22
• Monster Hunter 6 - Q2 FY23
• Biohazard Apocalypse - Q3 FY23
• “SSF6” - Q4 FY23
• Final Fight Remake - Q2 FY24
• Power Stone Remake - Q3 FY24
• Ultra SF6 - Q4 FY24
• Resident Evil Hank [likely, “Hunk”] - Q4 FY24

With E3 2021 right around the corner (June 12 - June 15), Capcom has yet to reveal its plans for the event. With this schedule exposed, there leaves little room for unexpected announcements at this year’s major video game events.

Capcom Ransomware Attack 2020 Update

Capcom has released a new update in regards to last year’s cyberattack that details the root cause and scope. The unauthorized entry was obtained via a backup VPN at the Capcom U.S.A. subsidiary location. The company introduced a new VPN, but the older one remained open as a backup due to the burden on the organization’s setup from the spread of COVID-19 in California. 

“According to the IT specialists, unauthorized access to the Company's internal network was acquired in October 2020 through a cyberattack carried out on an older backup VPN (Virtual Private Network) device that had been maintained at its North American subsidiary (Capcom U.S.A., Inc.). At that time, the Capcom Group, including the North American subsidiary, had already introduced a different, new model of VPN devices; however, due to the growing burden on the Company's network stemming from the spread of COVID-19 in the State of California, where this North American subsidiary is located, one of the aforementioned older VPN devices remained solely at this North American subsidiary as an emergency backup in case of communication issues, and it became the target of the attack. The device in question has already been removed from the network at this time.” - Capcom Japan

The threat actors claimed to have downloaded over 1TB of data from Capcom’s servers with 15,649 individuals impacted, which Bleeping Computer points out, “is 766 less people than initially announced in January of 2021.”

The Japanese video game developer and publisher also included an incident response timeline detailing all of the actions taken on its end as a result of the unfortunate occurrence, including several Information Technology Security Oversight Committee meetings and updates for the incident. It is important to note that the exposed information did not include details pertaining to credit card payments and consisted of corporate and personal data, such as names, addresses, phone numbers, and email addresses. Capcom is currently notifying affected individuals.

‍

Photo and thumbnail source: Capcom