Capcom hit by ransomware attack

Earlier this week, we reported on hacking incidents at video game companies Crytek and Ubisoft, with the source code of Watch Dogs: Legion even getting leaked. Now another company, Capcom, has been the victim of a similar attack from a different group. The company issued a statement that on November 2nd, third parties gained access to "certain systems, including email and file servers" and added that "there is no indication that any customer information was breached".

Below you can read Capcom's official statement:

Beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers. The company has confirmed that this was due to unauthorized access carried out by a third party, and that it has halted some operations of its internal networks as of November 2. Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders. Further, it stated that at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company's games online or access to its various websites.

Presently, Capcom is consulting with the police as well as other related authorities while both carrying out an investigation and taking measures to restore its systems. The company will continue to offer relevant updates as the facts become clear, via its websites and other means.

A report from Bleeping Computer identifies the cyberattack as a Ragnar Locker ransomware attack, with 1TB of sensitive data stolen from Capcom's corporate networks. According to the report, the group behind the attack left the following ransom note and is demanding $11,000,000 in bitcoins.

We have BREACHED your security perimeter and get access to every server of company's Network in different offices located in Japan, USA, Canada.
So we has DOWNLOADED more than 1TB total volume of your PRIVATE SENSITIVE Data, including:
-Accounting files, Banking Statements, Budget and Revenue files classified as Confidential, Tax Documents
-Intellectual Property, Proprietary Business information, Clients and Employees Personal information (Such as Passports and Visa), Incidents Acts
-Corporate Agreements and Contracts, Non-Disclosure Agreements, Confidential Agreements, Sales Summaries
-Also we have your Private Corporate Correspondence, Emails and Messanger Conversations, Marketing presentations, Audit reports and a lot of other Sensitive Information

If NO Deal made than all your Data will be Published and/or Sold through an auction to any third-parties


 

Mollycule

From RCE exploits in online Switch games to multi million pound companies having gigabytes of source code leaked, I would say if anything this is a sign of the times, and it would be apparent that the name of the game is profit, neglecting the real work that one would expect to be underway.

Weak security deserves to be exploited, with disclosed breaches such as this and others, it makes one wonder about just how many have happened silently with the affected company deciding that no publicity is best, to save face.

I say that this was bound to happen and is important as a lesson for these companies to actually put work into protecting their customers.
 

yoyoyo69

Why do tech-savvy Hakaz always have issues with grammar and spelling?

I mean, "So we has downloaded", "if you reading this message", "contact information you will find at the bottom of this notes", "no contact made in closest time", "within 2 day since", etc.

Can't they even English properly? Seriously undermines their credibility...

Either they just aren't fluid with English, or they are English and wish to throw off the scent a little.

Either way, even just popping the paragraphs in to an online translator should provide better results (I think).
 

Zonark

If I was Capcom to set a standard I’d be like Do IT. If they did that I promise you I’d buy all their stuff they ever publish
 

eyeliner

yoyoyo69 said:
> Why do tech-savvy Hakaz always have issues with grammar and spelling?
>
> I mean, "So we has downloaded", "if you reading this message", "contact information you will find at the bottom of this notes", "no contact made in closest time", "within 2 day since", etc.
>
> Can't they even English properly? Seriously undermines their credibility...

Anglophiles they ain't. Possibly Russian or most likely Chinese.
 

hamohamo

definitely not a good idea to deal with a company of this scale this way. if i was in their stead i would've just released the files to the public instead of asking for money.
 

Arras

Zonark said:
> If I was Capcom to set a standard I’d be like Do IT. If they did that I promise you I’d buy all their stuff they ever publish

Well, that's what Ubisoft seems to have done. Otherwise I assume the watch dogs legion files wouldn't have leaked.
 

ShadowOne333

You are doing this wrong, hackers.
You are supposed to go after Nintendo, not third party companies.

Unlike Capcom, Nintendo deserves it ;)
 
Deleted User

Sad, but not unexpected. Too many people worldwide are stuck at home with nothing much to do and very little income if any. What I AM surprised by is that we've seen neither hide nor hair of the "Proof" packet (usually source code or inter-corporate agreements) making the rounds in the grey pages of the internet yet.
 

diggeloid

If Capcom pays the ransom, they have no guarantee that these people won't publish or sell this information anyways. Luckily, this doesn't seem to be a real ransomware attack in that the data was encrypted, so Capcom still has access to their data.

So the only thing Capcom gains by paying a ransom is a promise from an anonymous group of criminals. A group of criminals who have every reason to resell the data anyways even if they get the ransom, since it means they'll get paid twice. And if there is no buyer, releasing it publicly will provide them with the satisfaction/dopamine rush of notoriety and public attention. It's not like these anonymous criminals have a reputation to worry about lmao

So this seems like a no-brainer to me. If Capcom pays the ransom, they're making a big mistake. They should instead focus on things like fraud and identity theft protection for affected employees.
 

Arras

diggeloid said:
> If Capcom pays the ransom, they have no guarantee that these people won't publish or sell this information anyways. Luckily, this doesn't seem to be a real ransomware attack in that the data was encrypted, so Capcom still has access to their data.
>
> So the only thing Capcom gains by paying a ransom is a promise from an anonymous group of criminals. A group of criminals who have every reason to resell the data anyways even if they get the ransom, since it means they'll get paid twice. And if there is no buyer, releasing it publicly will provide them with the satisfaction/dopamine rush of notoriety and public attention. It's not like these anonymous criminals have a reputation to worry about lmao
>
> So this seems like a no-brainer to me. If Capcom pays the ransom, they're making a big mistake. They should instead focus on things like fraud and identity theft protection for affected employees.

For what it's worth, these types of criminals USUALLY tend to keep their word, because you can only do a scam like that once. If it's known that you pay them and they resell the data anyway, no one will ever pay them again after that. The same goes for actual ransomware. I still wouldn't necessarily advocate paying them, but that's how it is.
 

MasterJ360

Capcom was pretty shitty how they handled their dlc's for their arcade/fighter games in the past. This to me is karma long overdue.
I spent $200 worth of SFV DLC a year before they even announced their $20 champion edition like wtf... Ppl are just idolizing them for Resident Evil and Monster Hunter.
 

eriol33

I just got a job at a multinational telecommunications company, and I must log in to a VPN whenever I need to connect to the company's data warehouse. The company also sends warnings about security on a regular basis to prevent this kind of thing. Ransomware is not a joke.
 
