Earlier this week it emerged that third-party giant Capcom\’s internal systems had been hacked, though the company claimed that no customer data was affected. It has now emerged that the publisher was targeted by the Ragnar Locker ransomware, software designed to exfiltrate information from internal networks before encrypting the lot: at which point the victim is locked-out, contacted, and extorted.
Bleeping Computer broke the story, and managed to access the Ragnar Locker sample (a \’proof\’ provided to the victim by the hackers), which contains the ransom note allegedly delivered to Capcom. It reads as follows.
\”We have BREACHED your security perimeter and get access to every server of company\’s Network in different offices located in Japan, USA, Canada.
\”So we has DOWNLOADED more than 1TB total volume of your PRIVATE SENSITIVE Data, including:
\”-Accounting files, Banking Statements, Budget and Revenue files classified as Confidential, Tax Documents
\”-Intellectual Property, Proprietary Business information, Clients and Employees Personal information (Such as Passports and Visa), Incidents Acts
\”-Corporate Agreements and Contracts, Non-Disclosure Agreements, Confidential Agreements, Sales Summaries
\”-Also we have your Private Corporate Correspondence, Emails and Messanger Conversations, Marketing presentations, Audit reports and a lot of other Sensitive Information
\”If NO Deal made than all your Data will be Published and/or Sold through an auction to any third-parties.\”
According to malware researcher Pancak3, the hackers are demanding $11 milllion in bitcoin for a decryptor key. Such a sum roughly equates to another big Ragnar Locker hack announced yesterday, of the drinks maker Campari, where as ZDNet reports the demand is around $15 million.
The independent MalwareHunterTeam also confirmed that Ragnar Locker is behind the Capcom hack, while adding that both hacks had the same digital signature.
The Ragnar Locker ransomware samples used in these cases were not only signed, but was signed with the same cert… pic.twitter.com/IP41o10dL3November 5, 2020
I\’ve contacted Capcom for comment, and will update with any response.