Capcom hit with ransomware attack, 350K customers affected; Hackers demand $11M


Capcom, a Japanese gaming giant that created some of the hottest games on the market was hit with a ransomware attack, earlier this month. The company owns the Resident Evil and Street Fighter game franchises.

Based on Capcom’s updated incident report on November 16th, the ransomware attack may have affected the personal data of 350,000 customers. The Japanese gaming giant also stated that its content development and business are currently operating without a problem. However, it believes that its  “corporate information may have been compromised in this attack.”

“Capcom offers its sincerest apologies for any complications and concerns that this may bring to its potentially impacted customers as well as to its many stakeholders,” the c

There have been a record number of hacks in 2020. Many of them are associated with Russia-based bad actors.

Hackers used Ragnar Locker malware

Capcom disclosed that its networks have been the victim of a ransomware attack during the early morning hours of November 2. 

At the time, the company said, “certain systems” were impacted including its email and file servers but did not see any sign that customers’ information was breached. 

“Presently, Capcom is consulting with the police as well as other related authorities while both carrying out an investigation and taking measures to restore its systems. The company will continue to offer relevant updates as the facts become clear, via its websites and other means,” according to the Japanese gaming giant.

On November 9, the Nikkei Japan news reported that the hacker gang used “Ragnar Locker” malware. The hackers deployed the malware as an operational virtual machine on each target device in order to hide the ransomware from view. 

Hackers demanded an $11 million ransom from Capcom

The attack had succeeded in downloading 1 terabyte of sensitive data from Capcom. The cybercriminals were reportedly demanding a bitcoin ransom of 1.1 billion yen ($11 million dollars). They are threatening to release the data if the company will not pay the ransom. 

The attackers reportedly demanded Capcom to contact them by 8:00 a.m. Japan time by Nov 11. It did not meet the hacker’s deadline. As a result, hackers released some of the private data to the public domain. Only a portion of the content is viewable, including images of passports, according to media reports.

“Because the overall number of potentially compromised data cannot specifically be ascertained due to issues including some logs having been lost as a result of the attack, Capcom has listed the maximum number of items it has determined to potentially have been affected at the present time,” the company said on November 16.

Capcom emphasized that “All online transactions etc. are handled by a third-party service provider, and as such Capcom does not maintain any such information internally. At-risk data does not contain any credit card information,” Capcom confirmed.

Capcom is working with “local law enforcement” regarding the matter. The company is currently consulting with the Osaka Prefectural Police Department who began work on the case immediately after the attack.


Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.

Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here.