Capcom Reveals How Ragnar Locker Ransomware Hit Its Network Last Year

Capcom Reveals How Ragnar Locker Ransomware Hit Its Network Last Year

In an update about the ransomware attack last year, Capcom provided new details on how the hackers penetrated its network, compromised devices, and stole the personal information of thousands of users.

The attack took place in early November 2020. Ragnar Locker ransomware hit Capcom and forced the company to shut down portions of its network. Threat actors stole sensitive information and then encrypted data on the network devices.

Ragnar Locker allegedly had stolen 1TB of Capcom’s sensitive data and demanded $11 million for not publishing the information and for decrypting it.

Today, the game maker said the company is almost done restoring the internal systems affected by the attack and investigating the incident.

The investigation showed that the attack operators compromised Capcom’s internal network by penetrating an old VPN backup device managed by a subsidiary in California.

The attackers then propagated to devices in offices in the U.S. and Japan and on November 1st, they dropped file-encrypting malware. This knocked Capcom’s email and file servers offline after encrypting the data.

Capcom says the compromised VPN device was slated for soon removal, and new models had already been installed. They said the old VPN server functioned as an emergency backup in case of communication problems due to heightened demand tied to the shift to remote work.

The company estimated that’s 766 fewer people have been impacted than initially announced in January 2021 (15,649 individuals).

The information included only corporate and personal data like names, addresses, phone numbers, and email addresses and did not include payment card details. 

Regarding the ransom, Capcom said that after consultations with law enforcement, it did not contact Ragnar Locker operators to discuss the ransom. As the result, the attacker leaked company data a few weeks later.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.