[BreachExchange] Capcom quietly discloses cyberattack impacting email, file servers

Destry Winant destry at riskbasedsecurity.com
Fri Nov 6 10:50:36 EST 2020


https://www.zdnet.com/index.php/category/2184/index.php/article/capcom-quietly-discloses-cyberattack-impacting-email-file-servers/

Update 14.46pm GMT: ZDNet has learned that the security incident may
be due to a Ragnar Locker ransomware infection.

Capcom has disclosed a cyberattack that impacted the company's
operations over the weekend.

The Osaka, Japan-based video game developer said in a notice dated
November 4 that two days prior, beginning in the early morning, "some
of the Capcom Group networks experienced issues that affected access
to certain systems" due to a cyberattack.

Email and file servers were impacted.

Capcom has described the attack as "unauthorized access" conducted by
a third party. As the security incident took place, the company
stopped some operations on its internal networks, likely to prevent
the cyberattack from spreading further and potentially compromising
additional corporate resources.

Capcom claims that there is "no indication" that customer information
has been accessed or compromised; at least, at this stage.

"This incident has not affected connections for playing the company's
games online or access to its various websites," the company said.
"Capcom expressed its deepest regret for any inconvenience this may
cause to its various stakeholders."

At the time of writing, Capcom says it is "unable to reply to
inquiries and/or to fulfill requests for documents" made through the
investor relations contact form.

The game developer is currently working toward restoring its systems
and has reported the cyberattack to law enforcement.

Capcom has not revealed any further details relating to the attack,
but the company is not the only game developer targeted this year. In
October, Ubisoft and Crytek were the victims of the Egregor ransomware
gang, which attempted to extort a ransomware payment from the firms on
the threat of the public release of proprietary data stolen during
attacks.

Egregor is an active ransomware group believed to be responsible for
cyberattacks against GEFCO and Barnes & Noble. Researchers from
Malwarebytes suspect that past affiliates of the Maze ransomware group
-- now retired from the scene -- are now turning to Egregor as an
alternative.

Update 14.46pm GMT: ZDNet has learned that the security incident may
be due to a Ragnar Locker ransomware infection. Ragnar Locker,
associated with an attack on energy company EDP in July, is a
ransomware variant that some operators deploy in virtual machines
(VMs) to avoid detection. The ransomware is generally used against
corporate targets.

