{
	"id": "f1360334-43fb-4c2b-8b8b-2fcf8d4e08f6",
	"created_at": "2026-04-06T00:14:09.076755Z",
	"updated_at": "2026-04-10T13:11:41.415714Z",
	"deleted_at": null,
	"sha1_hash": "80368ff6977732c176e691400496b30f13602db0",
	"title": "Capcom hit by Ragnar Locker ransomware, 1TB allegedly stolen",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3849196,
	"plain_text": "Capcom hit by Ragnar Locker ransomware, 1TB allegedly stolen\r\nBy Lawrence Abrams\r\nPublished: 2020-11-05 · Archived: 2026-04-05 16:54:24 UTC\r\nJapanese game developer Capcom has suffered a ransomware attack where threat actors claim to have stolen 1TB of\r\nsensitive data from their corporate networks in the US, Japan, and Canada.\r\nCapcom is well-known for its iconic game franchises, including Street Fighter, Resident Evil, Devil May Cry, Monster\r\nHunter, and Mega Man.\r\nYesterday,  Capcom announced that they had been hit with a cyberattack on November 2nd, 2020, that led to the halting of\r\nportions of their corporate network to prevent the attack's spread.\r\nhttps://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/\r\nPage 1 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/\r\nPage 2 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\n\"Beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that\r\naffected access to certain systems, including email and file servers. The company has confirmed that this was due to\r\nunauthorized access carried out by a third party, and that it has halted some operations of its internal networks as of\r\nNovember 2.\"\r\nSince the attack, Capcom has been displaying notices on its site warning visitors that emails and document requests will not\r\nbe answered due to the attack impacting email systems.\r\nNotice about email being down\r\nAt the time, Capcom did not disclose the details of the cyberattack, but in a ransomware sample found by security\r\nresearcher Pancak3 we see that the Ragnar Locker ransomware gang attacked them.\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nRansomware gang claims to have stolen 1 TB of files\r\nAfter running the Ragnar Locker sample, we get access to the ransom note created on Capcom's computers during the\r\nattack. This ransom note provides a huge amount of visibility into the Ragnar Locker attack.\r\nIn the ransom note created during the attack, the Ragnar Locker operators state that they have stolen 1 TB of unencrypted\r\nfiles from the corporate networks in Japan, the USA, and Canada.\r\n We have BREACHED your security perimeter and get access to every server of company's Network in different offices\r\nlocated in Japan, USA, Canada. \r\nSo we has DOWNLOADED more than 1TB total volume of your PRIVATE SENSITIVE Data, including: \r\n-Accounting files, Banking Statements, Budget and Revenue files classified as Confidential, Tax Documents\r\n-Intellectual Property, Proprietary Business information, Clients and Employees Personal information (Such as Passports\r\nand Visa), Incidents Acts  \r\n-Corporate Agreements and Contracts, Non-Disclosure Agreements, Confidential Agreements, Sales Summaries\r\n-Also we have your Private Corporate Correspondence, Emails and Messanger Conversations, Marketing presentations,\r\nAudit reports and a lot of other Sensitive Information \r\nIf NO Deal made than all your Data will be Published and/or Sold through an auction to any third-parties\r\nhttps://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/\r\nPage 3 of 6\n\nCapcom ransom note\r\nEnclosed in the ransom note are seven print.sc URLs that display screenshots of stolen files, including employee termination\r\nagreements, Japanese passports, Steam sales reports from August, Bank statements, contractor agreements, and a screenshot\r\nof Active Directory Users and Computers MMC for the Capcom Windows domain.\r\nStolen Capcom August 2020 Steam sales report\r\nRedacted by BleepingComputer\r\nAlso enclosed in the ransom note is a link to a private data leak page on Ragnar Locker's website containing a 24MB archive\r\ncontaining additional stolen documents, including revenue forecasts, salary spreadsheets, NDAs, immigration forms,\r\ncorporate communications, and royalty reports.\r\nhttps://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/\r\nPage 4 of 6\n\nCapcom temporary data leak page\r\nThe ransom note contains a link to the Ragnar Locker Tor negotiation site, where Capcom can discuss the ransom demand\r\nwith the attackers. At this time, the chat page has not been used by Capcom, so there is no indication as to the ransom\r\namount Ragnar Locker is demanding.\r\nPancak3 told BleepingComputer tonight that Ragnar Locker claims to have encrypted 2,000 devices on Capcom's networks\r\nand are demanding $11,000,000 in bitcoins for a decryptor.\r\nThis ransom also includes a promise to delete any stolen data and a network penetration security report.\r\nIt should be noted that ransomware negotiation service Coveware has seen ransomware operations increasingly not keeping\r\ntheir promise to delete stolen data after a ransom is paid.\r\nRagnar Locker has been involved in other massive attacks this year, including ones on Portuguese multinational energy giant\r\nEnergias de Portugal (EDP), where a $10.9M ransom was demanded. In September, they hit French maritime transport and\r\nlogistics company CMA CGM, which led to significant downtime for the network and operations.\r\nBleepingComputer has attempted to contact Capcom but has not received a response due to their email issues.\r\nUpdate 11/5/20 7:00 PM EST: Added information on ransom amount.\r\nhttps://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/\r\nPage 5 of 6\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/\r\nhttps://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen/"
	],
	"report_names": [
		"capcom-hit-by-ragnar-locker-ransomware-1tb-allegedly-stolen"
	],
	"threat_actors": [],
	"ts_created_at": 1775434449,
	"ts_updated_at": 1775826701,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/80368ff6977732c176e691400496b30f13602db0.pdf",
		"text": "https://archive.orkl.eu/80368ff6977732c176e691400496b30f13602db0.txt",
		"img": "https://archive.orkl.eu/80368ff6977732c176e691400496b30f13602db0.jpg"
	}
}