Japanese game developer Capcom has been hit with a cyberattack. The company confirmed that it “experienced issues” over the weekend that impacted business operations. At present, there is no indication that customer information was breached. Gamers can also continue to play their favorite games online. This “good news” is, however, clouded by reports from security researchers about ransomware demands.
Network Issues Due to Unauthorized Access
Capcom is a reputable game developer, known for worldwide hits like Street Fighter, Resident Evil, Monster Hunter, Mega Man and Devil May Cry, as well as games based on Disney animated properties. On Monday 2 November, the company suffered a cyberattack.
In a short press release, Capcom revealed that a third party had gained unauthorized access to its systems. As a result, some parts of the computer network experienced issues. A number of internal systems were affected, including e-mail and file servers. Capcom said it immediately took action.
So far, the attack has not affected connections for playing the company’s games online or to access its various websites. Capcom is working with the police and other related authorities. The game developer has also launched its own investigation to determine the cause of the breach. Furthermore, it is taking the necessary steps to restore affected systems.
What’s Going On?
It is not clear what’s going on. The issues suffered by Capcom suggest the involvement of ransomware. Anonymous sources have told BleepingComputer that Capcom was hit by TrickBot malware in August. TrickBot is a known vehicle for ransomware such as Ryuk or Conti.
A group of hackers named REvil claimed in an earlier interview with BleepingComputer that they had attacked “a large game security website company” and would reveal more details soon. REvil is thought to be the same hacking group that, combined with the impact of Covid-19, forced Travelex into administration.
REvil typically uses a “double-extortion strategy”. First, they steal unencrypted data from their victim’s servers. Next, they lock all stolen or copied files with ransomware. If the company refuses to pay for the decryption key, the attackers threaten to leak sensitive information or sell the data on the dark web.
1TB of Data Stolen
Security researcher Pancak3lullz said he could “confirm that Capcom was infected with Ragnar Locker”. He also told BleepingComputer that “Ragnar Locker claims to have encrypted 2,000 devices on Capcom’s networks and are demanding $11 million in bitcoins for a decryptor”.
While Capcom stated that there “is no indication that any customer information was breached”, the ransom note that was apparently sent to Capcom’s headquarters said that 1TB worth of “private sensitive data” was stolen from Capcom Japan, Canada and the US.
Most authorities, agencies, companies and organizations stand united against paying ransoms. Paying cybercriminals to obtain a decryption key provides no guarantee that the encrypted data can indeed be restored. Moreover, the stolen data could still be leaked later, sometimes months after the attack.
Crytek and Ubisoft are Also Victims of Hackers
Capcom isn’t the only company in the gaming industry that recently fell victim to a cyberattack. Earlier this week, game developer Crytek and publisher Ubisoft were attacked by the Egregor ransomware group.
In this case, the perpetrators threatened to release the source code for Watch Dogs: Legion, a triple-A game that was released on PlayStation 4, Xbox One, Stadia and Windows PC just last month. In total, 560 GB of data was stolen by Egregor.
Ubisoft refused to pay the ransom, and now the source code has indeed been leaked. In addition, the hackers have reportedly posted documents that provide details about games currently being developed by Crytek or that were once in development.