Capcom, the Japanese gaming giant behind the Street Fighter, Mega Man and Resident Evil franchises, has reported a major cybersecurity incident. The attackers have demanded an $11 million ransom payment.
Get started on your cybersecurity degree at American Military University.
It’s not hard to see why today’s sophisticated ransomware gangs would target Capcom. The company reported revenues of 94.5 billion yen in 2019, which converts to around $900 million at today’s exchange rate.
Capcom announced that the attack “has halted some operations of its internal networks as of November 2nd.” That’s the day the company first detected the unauthorized access to its systems.
According to an independent security researcher, the hackers behind the attack compromised nearly 2,000 of Capcom’s servers. The attackers also claim to have siphoned off around 1TB of data, including financial statements, tax documents, personnel data, emails, chats and customers’ personal information.
The hackers have also posted screenshots of files and folders as proof. Capcom partly disputed the hackers’ claims in its press release, attempting to reassure the public that “there is no indication that any customer information was breached.”
The full truth will likely not be know for quite some time. Capcom has reported the incident to authorities and the investigation is ongoing. No further updates have been posted to the company’s press release page and the company did respond to a request for statement before this post was published.
Based on the precedent set by cybercriminals in similar incidents, the next update could come from the hackers themselves. If they are indeed in possession of sensitive company data it may well be used to exert pressure on Capcom to pay the ransom.