Earlier this week, we reported on hacking events on video game companies Crytek and Ubisoft, with the source code of Watch Dogs: Legion even getting leaked. Now another company, Capcom, has been victim of a similar attack from a different group. The company issued a statement that on November 2nd, third parties gained access to "certain systems, including email and file servers" and added that "there is no indication that any customer information was breached".

Below you can read Capcom's official statement:

Beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers. The company has confirmed that this was due to unauthorized access carried out by a third party, and that it has halted some operations of its internal networks as of November 2. Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders. Further, it stated that at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company's games online or access to its various websites.

Presently, Capcom is consulting with the police as well as other related authorities while both carrying out an investigation and taking measures to restore its systems. The company will continue to offer relevant updates as the facts become clear, via its websites and other means.

A report from Bleeping Computer identifies as the cyberattack as being a Ragnar Locker ransomware, with 1TB of sensitive data stolen from Capcom's corporate networks. According to the report, the cyberattack group left the following ransom note and are demanding $11,000,000 in bitcoins.

We have BREACHED your security perimeter and get access to every server of company's Network in different offices located in Japan, USA, Canada.
So we has DOWNLOADED more than 1TB total volume of your PRIVATE SENSITIVE Data, including:
-Accounting files, Banking Statements, Budget and Revenue files classified as Confidential, Tax Documents
-Intellectual Property, Proprietary Business information, Clients and Employees Personal information (Such as Passports and Visa), Incidents Acts
-Corporate Agreements and Contracts, Non-Disclosure Agreements, Confidential Agreements, Sales Summaries
-Also we have your Private Corporate Correspondence, Emails and Messanger Conversations, Marketing presentations, Audit reports and a lot of other Sensitive Information

If NO Deal made than all your Data will be Published and/or Sold through an auction to any third-parties

Image Source​

SOURCE

 

[depaul]

Digitization is unavoidable, there is no returning back now.
The solution isn't to return to paper, but to take good care of your system.

 

[64bitmodels]

Finally Capcom get what they deserve.

this isnt 2012 buddy capcom has been getting way better

--------------------- MERGED ---------------------------

Nice double standards here. Ubisoft being hacked thread is a shitshow, everyone gloating about what happened. Capcom thread is the complete opposite.

ah yes, because getting source code for a game about to release is the same thing as a full scale attack that compromises all employee data...
To all the people in this thread that think this is deserved you're all horrible people and i honestly hope you take a long look in the mirror to see what's wrong with you because youre fucked up in the head

 

[FAST6191]

ah yes, because getting source code for a game about to release is the same thing as a full scale attack that compromises all employee data...

Yeah I would say source leak is worse.

Employee data. By all means don't mishandle it but generally speaking if you are not acting like your personal data is not already compromised you are behind the curve, to say nothing of most people willingly handing it all over all the time anyway.

Source leak of a primary asset in a borderline monoculture... oh dear.

 

[tofttwaswas]

Fuck those who do this type of shit.

--------------------- MERGED ---------------------------

Capcom didn't deserve this. Now, if it was EA on the other hand... I wouldn't mind seeing their shit go up in flames. I don't support this kind of activity but... You know. "Decryption DLC for $11,000,000"

Or Nintendo. But getting a ransomware attack isn't that fun, just watching it get leaked is cool.

 

[Dust2dust]

Paying a ransom to these a-holes would be the equivalent of buying something in a pawnshop that you recognized as your stolen property. There's just no justification to pay even a nickel (we don't use pennies anymore in Canada). I hope Capcom didn't give in.

 

[FAST6191]

Paying a ransom to these a-holes would be the equivalent of buying something in a pawnshop that you recognized as your stolen property. There's just no justification to pay even a nickel (we don't use pennies anymore in Canada). I hope Capcom didn't give in.

Standing on principle is nice and all but if paying so much prevents greater damage (in this case lives are not really on the line but even if there are backups they tend not to be press a button to roll out, and there might still be lost data) then there is an argument to be made.

 

[Dust2dust]

Standing on principle is nice and all but if paying so much prevents greater damage (in this case lives are not really on the line but even if there are backups they tend not to be press a button to roll out, and there might still be lost data) then there is an argument to be made.

I understand your point, but the fact is, there is absolutely no guarantee that the thieves would honor their side of the deal. The scenario of paying the ransom and them never decrypting the drive is perfectly plausible.

 

[FAST6191]

I understand your point, but the fact is, there is absolutely no guarantee that the thieves would honor their side of the deal. The scenario of paying the ransom and them never decrypting the drive is perfectly plausible.

Indeed it is a dilemma and possibility in all this. However this is a long standing practice so the onus does tend to be on the ransom givers to give the keys over so they can repeat it down the road rather than be told "nah you will just take the money and run, get lost" for a one time fee.

 

[Dust2dust]

Indeed it is a dilemma and possibility in all this. However this is a long standing practice so the onus does tend to be on the ransom givers to give the keys over so they can repeat it down the road rather than be told "nah you will just take the money and run, get lost" for a one time fee.

I agree that would be the wise thing to do if they want to continue with their dirty schemes, but how likely is it, that they will be able to hit the same victim again? Capcom is likely to beef up their security or have backups frequently made so they wouldn't have to ever pay again a ransom. And I'd be surprised if Capcom recommended to another victim "Yeah you can trust them, pay the ransom in complete confidence, guys!"

 

[FAST6191]

I agree that would be the wise thing to do if they want to continue with their dirty schemes, but how likely is it, that they will be able to hit the same victim again? Capcom is likely to beef up their security or have backups frequently made so they wouldn't have to ever pay again a ransom. And I'd be surprised if Capcom recommended to another victim "Yeah you can trust them, pay the ransom in complete confidence, guys!"

Same victim? I doubt this was a direct attack in the first place as much as just a victim of opportunity (skilled hackers with a bone to pick, advanced persistent threat aka APT if we are to use the parlance of the kids, with a company are generally considered a myth. This then being someone left a port open/service with update undone and someone's scanner clocked it). To that end the possibility of a future hack... far from as low as you might like -- if security is an afterthought in the first place then after a token polish up of the security to make it look good to the investors it tends to be left to lapse again.

As far as a formal press release saying we paid and they coughed up then more likely not (not to mention some places have fines if you do https://krebsonsecurity.com/2020/10...ay-up-could-incur-steep-fines-from-uncle-sam/). Whether the ransomer givers will also say differs.
Informally among the business and security communities, or maybe inferred from financial statements. Different matter entirely. They will probably attempt to if not ID the group then categorise them (this software, this type of language, this....) and note their actions.

People have paid in the past and got things back
https://digitalguardian.com/blog/hi...biggest-and-worst-ransomware-attacks-all-time