Street Fighter maker says soz after ransomware hadoukens servers, puts 350,000 folks' data at risk of theft

Capcom KO'd by 'criminal organisation that calls itself Ragnar Locker'


Japanese games giant Capcom, the company behind the 33-year-old Street Fighter franchise, has issued "deepest apologies" to customers and other stakeholders whose details may have been accessed by miscreants during a ransomware infection.

As many as 350,000 individuals, including customers and employees, may have had their personal details compromised in the attack, which is said to have originated from a "criminal organisation that calls itself Ragnar Locker."

The games developer, which is also behind popular hits Resident Evil and Monster Hunter, said it detected connectivity issues with its internal network in the early hours of 2 November. Shortly afterwards, it shut down systems and began investigating the incident.

Capcom was able to confirm this was a targeted attack against the company using ransomware, which destroyed and encrypted data on its servers.

"The company discovered a message from a criminal organization that calls itself Ragnar Locker, and after ascertaining that ransom money was being demanded, contacted the Osaka Prefectural Police," Capcom said in a statement.

By 12 November, Capcom had verified that nine items of personal information and some corporate information had been compromised.

It said that as well as making a public disclosure it has reported the incident to supervisory authorities under the General Data Protection Regulation (which means the Information Commissioner's Office in the UK), and the Personal Information Protection Commission (Japan).

Capcom said it fell victim to "tailor-made ransomware aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs."

"Capcom would ... like to reiterate its deepest apologies for any complications or concerns caused by this incident," the statement concluded. "As a company that handles digital content, it is regarding this incident with the utmost seriousness. In order to prevent the reoccurrence of such an event, it will endeavour to further strengthen its management structure while pursuing legal options regarding criminal acts such as unauthorized access of its networks."

Credit card information had not been compromised as this was handled by a third party, the business added.

Although a maximum of around 350,000 people may have been affected, the true figure is difficult to pin down as "some logs" had been "lost as a result of the attack," Capcom said.

In 2016, Capcom's Street Fighter V for PC offered surprises including a secret rootkit that gave away any installed application kernel-level privileges, potentially allowing any malicious software on the system to completely take over the Windows machine. Capcom said it used the driver to stop players from hacking the high-def beat 'em up to cheat. ®


Biting the hand that feeds IT © 1998–2020