[Security Weekly] Video Game Giant Capcom Attacked by Ragnar Locker Ransomware


1st Week of November 2020


1. Video game giant Capcom attacked by Ragnar Locker ransomware

Capcom, a Japanese video game giant and the creator of popular games like Resident Evil, Street Fighter, Megaman, and Darkstalkers, suffered a ransomware attack that infected its corporate networks in the US, Japan, and Canada.

Capcom initially discovered the intrusion on November 2, after which it was forced to pause some of its operations. On November 4, the company made a public announcement suggesting that there was no evidence indicating any compromise of customer data, and that the attack did not impact the users’ access to its online games.

According to Bleeping Computer, which was given access to the ransom note, the attackers were operators of the Ragnar Locker ransomware. As is typical of a double extortion attack, 10TB of sensitive data was exfiltrated from the company’s databases before being encrypted. The compromised data included financial statements, contracts, agreements, and intellectual property. The attackers demanded a ransom payment of 1,580 bitcoins (roughly $25 million).

Despite their destructiveness, ransomware attacks can be effectively mitigated by first backing up important data, then using an encryption solution to eliminate the risks associated with data exfiltration. Penta Security’s D’Amo is a comprehensive encryption solution built with a variety of encryption technologies, compatible with most on-premises and cloud DBMS.

Sources: Infosecurity, Bleeping Computer


2. Singaporean ecommerce giant Lazada suffers data breach impacting 1.1 million users

Lazada, a Singapore-based ecommerce company owned by Alibaba, suffered a data breach that compromised the personal data of over 1.1 million users.

On October 29, Lazada discovered that a hacker had gained unauthorized access to an old database containing the details of 1.1 million former user accounts of RedMart, an online grocery store owned and operated by Lazada. The database had been abandoned since March 15, 2019, when all RedMart accounts were integrated into Lazada accounts. As such, the compromised account details only involved former RedMart users who registered prior to the account integration, and did not affect those who registered via Lazada accounts after the integration.

The compromised data included RedMart users’ names, phone numbers, email addresses, encrypted passwords, and partial credit card numbers. On October 30, all Lazada customers were forced to log out of their accounts, and as a preventative measure, were asked to change their passwords before logging in.

Sources: ZDNet, The Straits Times


3. Swedish insurance firm Folksam leaks personal data of 1M clients to tech giants

Folksam, one of the largest insurance companies in Sweden, disclosed a data breach incident in which the firm mistakenly shared sensitive personal information of 1 million clients with tech giants including Google, Microsoft, Facebook, LinkedIn, and Adobe.

Folksam discovered the data breach through an internal audit. Its clients’ social security numbers and insurance enrolment information were among the sensitive data leaked. These data were supposed to be used for internal analysis, after which the results were to be sent to the tech firms for making customized search results and offerings. Instead of sending the analysis results, Folksam sent the raw data to the tech firms by mistake. 

Folksam immediately reported the incident to the Swedish Data Protection Authority (DPA), and asked the tech firms to delete all the data sent to them. As of now, there is no evidence suggesting that the data has been misused by any third party.

Sources: Bleeping Computer, Insurance Journal


4. US toymaker Mattel discloses ransomware attack from July

Mattel, the second-largest toymaker in the world after The Lego Group, disclosed a ransomware attack incident on November 5 through the filing of Form 10-Q with the U.S. Securities and Exchange Commission.

According to the Form, the attack took place back in July. The ransomware operators successfully encrypted certain parts of Mattel’s IT systems, resulting in a temporary shutdown of some operations. Mattel reported that it quickly took countermeasures according to its guidelines and was able to restore its operations without suffering any major financial losses.

Fortunately, unlike most ransomware attacks today, this attack was not a double extortion attack, meaning that the attackers did not exfiltrate any sensitive information from the systems before encrypting them. Mattel gave assurances that the personal data of its employees, customers, suppliers, and retailers were not compromised.

Sources: Threatpost, Infosecurity

