Capcom Found Out Ransomware Actors May Have Stolen 350,000 Files

• Capcom’s internal investigation is revealing a deep dent in the company’s IT networks.
• A recent ransomware attack has resulted in the exfiltration of sensitive files, possibly in the hundreds of thousands.
• The actors demand an $11 million payment in Bitcoin, but it’s unlikely they’ll get anything from the Japanese.

The Capcom internal investigation on the recent ransomware attack they experienced has yielded some bad news for the game maker and the people around it. More specifically, they’ve found that the number of files exfiltrated by the hackers could be up to 350,000, including confidential and sensitive personal information of customers, employees, and contractors.

Here’s what Capcom’s IT has now confirmed as definitely compromised:

• Personal information of former employees, including names, signatures, addresses, and passports.
• Personal information of current employees, including HR data, names, and signatures.
• Sales reports
• Financial information

The following data may have been stolen, but it’s not certain yet:

• Japan: Customer service video game support help desk information (approx.134,000 items). Names, addresses, phone numbers, email addresses
• North America: Capcom Store member information (approx. 14,000 items). Names, birthdates, email addresses
• North America: Esports operations website members (approx. 4,000 items). Names, email addresses, gender information
• List of shareholders (approx. 40,000 items). Names, addresses, shareholder numbers, amount of shareholdings
• Former employee (including family) information (approx. 28,000 people); applicant information (approx. 125,000 people), Names, birthdates, addresses, phone numbers, email addresses, photos, etc.
• Human resources information (approx. 14,000 people)
• Confidential corporate information, including sales data, business partner information, sales documents, development documents, etc.

Capcom has already informed ICO in the UK, and the Personal Information Protection Commission in Japan, while the investigation is ongoing. Furthermore, law enforcement action against the actors will be sought in Japan and the United States. At the same time, those who are confirmed as compromised will be offered support in the form of identity protection services.

The ransomware actors that hit Capcom are “Ragnar Locker,” and they demanded the payment of $11 million in Bitcoin, threatening to release the stolen data in public. After ten days passed, the actors followed through on their threat and published samples of the exfiltrated data on their dedicated portal. In total, “Ragnar Locker” claim that they hold 1TB of sensitive data, including a lot more than what Capcom confirms now.

Whether or not Capcom is planning to negotiate the payment with Ragnar Locker now is doubtful. Still, since the Japanese mention law enforcement authorities in their announcement, we assume that they won’t pay a dime.

In the same context, they are playing down the significance of the incident by stating that its effect on the group’s consolidated business results will be negligible. That’s also another way of saying “we won’t pay.”