Towards the end of last year, in November, the gaming company Capcom was hit by the Ragnar Locker ransomware. The impact was huge in terms of the breach and data theft, as close to 1 terabyte worth of data was stolen. The stolen data included company files, and the attackers threatened to sell or expose it publicly. The group had not been identified, and the contents of the files remained unknown, but the games company gave assurances that it was not user or game data. The attackers claimed to have taken a huge 1TB worth of confidential company records from Capcom using the “Ragnar Locker” ransomware, which encrypted the data.
Capcom is known for creating massive game franchises from the mid-1990s to the present, such as “Street Fighter,” “Resident Evil,” “Mega Man,” and so on. The Japanese game developer had no clue who was behind the attack and is currently investigating the matter. Capcom is disclosing only limited information about the ransomware. Recently, Capcom revealed that the attack occurred as early as November 2, prompting a massive halt of several operations and its internal networks. The breach came from unauthorized third parties, who are now regarded as hackers and malicious actors. Twitter user панкак3 (@pancak3lullz) confirms that the malware injected into Capcom’s systems is the so-called “Ragnar Locker,” which infected the company’s systems and shut down almost half its operations. Additionally, the user is “confident” that Capcom was hit with the said ransomware because it generated a ransom note directed to the Japanese company. [Reference]
Moreover, Ragnar Locker’s website already contains several of the files from Capcom’s database infected by the ransomware. According to панкак3, Ragnar’s website already holds the files, which are on limited public display at the moment. Now the Ragnar ransomware gang has threatened victims that if they approach any law enforcement agencies, it will leak their data. A note read: “We have BREACHED your security perimeter and get access to every server of company’s Network in different offices located in Japan, USA, Canada. So we has DOWNLOADED more than 1TB total volume of your PRIVATE SENSITIVE Data…” [Reference] Bleeping Computer reported: “In an announcement published on Ragnar Locker’s darknet leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack.”
The threat also applies to victims contacting data recovery experts to attempt decryption and conduct the negotiation process. In any such event, the group will publish the victim’s full data on their .onion site. The ransomware operator states that victim organizations who hire “professional negotiators” are only making the recovery process worse. That’s because such negotiators are often working with data recovery companies affiliated with the FBI and similar authorities.
Ragnar Locker actors are known for manually deploying the ransomware payloads to encrypt the victims’ systems. They spend time conducting reconnaissance to discover network resources, company backups, and other sensitive files they can steal before the data encryption stage. Paying ransom amounts motivates criminals to target even more victims and incentivizes other cybercrime groups to follow their lead in conducting illegal activities. But in cases where a victim is helpless and is threatened by such bad actors, how can security professionals put an end to, or at least start reducing the frequency of, such ransomware attacks?
Published by The Art of Cyber-Space
I am a security professional specializing in network security. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of certain ideas from a different perspective.