Breach Notification , Cybercrime as-a-service , Endpoint Security

Gaming Company Confirms Ragnar Locker Ransomware Attack

Capcom Says Over 350,000 Customer and Business Records Possibly Compromised
Gaming Company Confirms Ragnar Locker Ransomware Attack
(Photo: Wikipedia)

Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records, including sales and shareholder data, potentially being compromised.

See Also: Gartner Guide for Digital Forensics and Incident Response

The ransomware attack is now under investigation, but the company is providing some details.

Capcom says it was hit with a "customized ransomware attack" following unauthorized access to its network, according to an update posted Monday. The company has divided the compromised information into two sections - verified and potentially compromised - with a small number of records falling into the former category and about 350,000 into the latter one.

"Any targeted attack will also be customized in some way to make it more successful and, in this case, the customization was to look for certain data, delete certain logs and steal specific information," says Laurence Pitt, technical security lead with the security company Juniper Networks. "This level of customization means that the group - Ragnar Locker - who admitted to the breach will likely have a template that they adapt for other online gaming companies and businesses."

Confirmed Data Loss

Capcom, which makes the popular game Resident Evil, notes that the ransomware attack was first noticed by its internal security team on Nov. 2, when its systems suffered connectivity issues. The IT team shut down the network to conduct an investigation and found a note from Ragnar Locker demanding an unspecified ransom. The company then contacted local law enforcement officials.

The compromised company data verified by Capcom involves only nine current and former employees, sales reports and company financial data. This employee data includes names, signatures, addresses and passport information for former workers. For current staffers, just their names and information held by the human resources department was compromised, according to the update.

Potentially Compromised Records

Apart from the confirmed employee data, the video game maker also notes that about 140,000 records belonging to the company's Japanese customer service video game support help desk may have been stolen or compromised. This would include personal information such as names, addresses, phone numbers and email addresses.

From the North America region, the hackers may have accessed information on about 14,000 Capcom Store members and records for about 4,000 members of its Esports website that may include names, birthdates, email addresses and gender, according to the statement.

Capcom also suspects that the attackers gained access to the records of about 40,000 corporate shareholders that could include names, addresses, shareholder numbers and amount of shareholdings, the update states.

The report also notes that the hackers may have obtained the personal information of about 28,000 former employees and their families and accessed information of over 125,000 applicants, Capcom reports.

The company also says human resources information on about 14,000 individuals and corporate information - such as sales data, business partner information, sales documents and development documents - may also have been exposed.

At this time, it does not appear that any payment or credit card information has been compromised, according to the update.

Following the attack, Capcom says, it contacted government agencies, including the Personal Information Protection Commission in Japan and the Information Commissioner's Office in the U.K., which enforces the EU's General Data Protection Regulation.

The Attack

Capcom has not stated the ransom amount demanded, but the gang behind Ragnar Locker is known to use extortion tactics to pressure its victims into paying (see: Ransomware Gang Devises Innovative Extortion Tactic).

A company spokesperson could not be immediately reached for additional comments or details.

While credit and payment card data does not appear to have been compromised, the other information the attackers possibly exfiltrated is potentially quite valuable, says Saryu Nayyar, CEO of the security firm Gurucul.

"Gaming credentials are valuable to some people for a number of reasons," Nayyar says. "First, some games allow the purchase of in-game items with real-world money, which means there is some real-world value there for people who buy and sell those items. Some particularly valuable items can sell for hundreds of dollars, which makes account access potentially valuable."

The information can also be used for spear-phishing or social engineering efforts in other attacks, Nayyar notes.


About the Author

Chinmay Rautmare

Chinmay Rautmare

Senior Correspondent

Rautmare is senior correspondent on Information Security Media Group's Global News Desk. He previously worked with Reuters News, as a correspondent for the North America Headline News operations and reported on companies in the technology, media and telecom sectors. Before Reuters he put in a stint in broadcast journalism with a business channel, where he helped produced multimedia content and daily market shows. Rautmare is a keen follower of geo-political news and defense technology in his free time.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.