Capcom have been hacked, with reports claiming the hackers are asking for $11 million USD to decrypt 1TB of stolen corporate data.
In a statement via their Japanese investor relations page (in English), Capcom state that in the early hours of November 2nd, the Capcom Group networks “experienced issues that affected access to certain systems, including email and file servers.” This was caused by “unauthorized access carried out by a third party.”
The hack resulted in some operations of internal networks halting, though Capcom note “at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company’s games online or access to its various websites.”
While Capcom are consulting with police and other related authorities (along with its own investigation), Bleeping Computer reports that the above statement is not true; with ransomware group Ragnar Locker claiming to have encrypted and stolen 1TB of unencrypted data via ransomware.
Bleeping Computer cite security researcher @pancak3lullz (Pancak3). They reportedly found the Ragnar Locker sample, and found the stolen files on the group’s website. Bleeping Computer shared redacted screenshots of the ransomware’s note to Capcom, along with a sales report, and the group’s website.
For those relying on machine translation, the ransomware note states that “all” of Capcom’s international corporate network files had been encrypted and obtained by them. These include accounting, banking, and financial information, employee personal information (including passports and Visas), IP information, contracts, emails, and more.
Ragnar Locker claim any attempt to move or decrypt the files would result in the data being damaged. The group demand a live chat to negotiate terms, and will decrypt two files to prove they can decrypt the rest.
While emphasizing they must be contracted as soon as possible, Ragnar Locker offered Capcom a “very special prize” if they contacted them within two days of the hack. “If NO Deal made than [sic] all your Data will be Published and/or Sold through an auction to any third-parties.”
Bleeping Computer report the Ragnar Locker Tor negotiation website has not been used by Capcom, and there is no indication on how much the group are demanding. However, Pancak3 told Bleeping Computer that Ragnar Locker asked for $11 million USD in bitcoin to decrypt 2,000 devices affected by the ransomware.
The group also reportedly promised to delete any stolen data once paid, and provide a network penetration security report. Bleeping Computer do note that ransomware gangs do not always keep their promise to delete stolen data once paid.
In earlier news, the source code for Watch Dogs: Legion has reportedly leaked onto the internet, after a potential “data security incident” at Ubisoft.
Image: Mega Man Battle Network 2 via Nintendo