jamdesign - stock.adobe.com

Resident Evil studio Capcom confirms scale of Ragnar Locker breach

Videogame studio says the data of up to 350,000 people was likely to have been compromised in a Ragnar Locker ransomware attack

Resident Evil developer Capcom has referred itself to the UK Information Commissioner’s Office (ICO) after confirming that the personal data of up to 350,000 people is likely to have been stolen in a Ragnar Locker double extortion ransomware attack.

The Osaka, Japan-based videogame studio was first attacked on 2 November 2020 by the Ragnar Locker gang. The ransomware operators claimed at the time to have stolen 1TB of Capcom’s data from networks located in Canada, Japan and the US. It said the data included financial information, intellectual property, personal data and corporate contracts, among other things. The group demanded a ransom of $11m.

Capcom has now confirmed it has verified that the personal data of a small number of current and former employees has been compromised, alongside sales reports and some financial information.

Also, it said, it has lost the personal information of up to 134,000 people who contacted its videogame support helpdesk in Japan, 14,000 members of its North American Capcom store, 4,000 members of its Esports operations website, 40,000 of its shareholders, 28,000 former employees, and 125,000 job applicants.

It also believes the Ragnar Locker gang has made off with human resources information on 14,000 people, and data related to Capcom’s sales, business partners and development.

The data includes names, addresses, email addresses, phone numbers, gender, shareholder numbers and amount of shareholdings, and photos. No credit card information has been compromised because such transactions are handled by an unaffected third party, the firm said.

“Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders,” the company said in a statement.

Capcom further apologised that the targeted nature of the attack using “tailor-made” ransomware had slowed down the pace of its investigation.

“The company asks that everyone potentially affected by this incident practise an abundance of caution, looking out for any suspicious packages received by mail or messages that could potentially be received,” it said.

Read more about ransomware

The company is collaborating with law enforcement in both Japan and the US and has engaged external security experts. It said its online games and websites can both be accessed safely at the present time.

According to the BBC, Capcom appears to be resisting the Ragnar Locker gang’s ransom demand.

First observed late in 2019, Ragnar Locker is one of a number of strains of ransomware to be closely associated with the – possibly – now defunct Maze group and the cyber criminals behind it are currently highly active.

The group is notable for its use of double extortion techniques and for making significant ransom demands – a second November 2020 attack on Italian beverage company Campari demanded $15m.

The gang has also achieved a certain notoriety after hacking a legitimate advertiser’s Facebook account and using it to create adverts promoting their work, specifically their attack on Campari. It is believed Facebook inadvertently served these ads to about 7,000 users before they were pulled. This technique is probably intended to apply extra pressure to the victim through public shaming.

Read more on Hackers and cybercrime prevention