Cyberattack against gaming company Capcom – Ransomware compromises user data
Author
Hannes Hartung
In a press release, the game manufacturer Capcom announced that there were inconsistencies in the internal network as early as 2nd November 2020. Potentially, up to 350,000 data records of customers and business partners could be affected. As this attack shows, it is not only customer data that is targeted. Capcom expects that data of current and former employees could also be compromised. This includes people who have already retired. Photos of employees, support histories, game sales figures and development costs could all be affected. End users should also exercise caution outside social networks and only provide personal data if it is really necessary to do so. In addition to the data described above, trade secrets have also been published by the attackers. The US games magazine Polygon announced that the attack had led to the disclosure of licence fees for some games by Sony, Google and others.
Ragnar Locker confesses – Ransomware as a Service
Ransomware attacks from this group mostly come in the form of malware that encrypts target systems. In addition, the malware often terminates pre-installed applications. As a result, the processes it executes are not interrupted, and the encryption process completes successfully. It is often spread via junk email attachments, freeware or shareware downloads. Particularly perfidious is the arrogance with which this group operates. Attacks are usually published, and the group admits to being responsible for them. In the future, "ransomware as a service" could become a widespread phenomenon. Organised crime groups have by now also recognised the importance of cyberattacks and continue to enter into cooperation or business relationships with unscrupulous cybercriminals.
Publication instead of just encryption
In 2019, the group Ragnar Locker drew attention to itself by publishing stolen data on social networks such as Facebook. In addition, Facebook ads hiding malware are increasingly being placed under aliases. Companies must not play down attacks. In most cases, contact from the attackers is the last step in a comprehensively planned attack. By then, the entire network has already been compromised, and sensitive data has already been analysed. Therefore, preventive measures are all the more essential to reduce the probability of these horror scenarios occurring.
Beware of removal offers on the internet!
Once the malware has entered the IT systems, victims usually try to find help on the internet. More and more types of malware can be found under aliases such as "Magic Cleaner" or "Combo Cleaner". These programs usually promise to remove ransomware. You should always stay away from these kinds of offers. Employing experts is the best course of action to take in an emergency. Under no circumstances should the ransom be paid in advance.
Protection against ransomware
To protect against ransomware, preventive measures should be taken and the technical preconditions created. Redundant data storage with network separation is recommended. If part of the system is infiltrated, network separation allows it to be isolated, so that the entire business operation is not directly paralysed. Other preventive measures:
- Do not click on unsafe links
- Do not open email attachments from unknown persons
- Use only known and verified download sources
- Only disclose as much data as necessary
- Do not use unknown USB devices under any circumstances
- Use virus scanners and content filters for your mail servers
- Use VPN services
What should victims do?
Most ransomware attacks are only detected when the corresponding notice of the attackers appears on the screens. To prevent the spread of the ransomware, the affected system should be disconnected from the network immediately. If you do not have internal know-how for such types of attacks, call in experts as soon as possible. Unfortunately, support is often procured far too late. Time is usually the decisive factor. Do not panic and avoid paying the ransom.