On the 2nd of November, Japanese game developer Capcom experienced a ransomware attack that forced the company to shut down portions of its corporate network to prevent the attack from spreading. The threat actors claim to have stolen 1TB of sensitive data from Capcom's corporate networks in the US, Japan, and Canada.
At the time of compromise, Capcom displayed notices on its site warning visitors that emails and document requests would not be answered because the attack had impacted its email systems, although Capcom did not disclose the details of the cyberattack. However, the security researcher Pancak3 found a ransomware sample that provides evidence that the group targeting Capcom is the Ragnar Locker ransomware gang.
The ransom note associated with the sample states that the Ragnar Locker ransomware gang had downloaded at least 1TB of sensitive data, including:
“-Accounting files, Banking Statements, Budget and Revenue files classified as Confidential, Tax Documents
-Intellectual Property, Proprietary Business information, Clients and Employees Personal information (Such as Passports and Visa), Incidents Acts
-Corporate Agreements and Contracts, Non-Disclosure Agreements, Confidential Agreements, Sales Summaries
-Also we have your Private Corporate Correspondence, Emails and Messanger Conversations, Marketing presentations, Audit reports and a lot of other Sensitive Information”
The ransom note also contained links to a private data leak page on Ragnar Locker’s website, along with screenshots offered as evidence. These showed stolen files, including employee termination agreements, Japanese passports, Steam sales reports from August, bank statements, and contractor agreements, as well as a screenshot of the Active Directory Users and Computers MMC for the Capcom Windows domain.
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.