The Japanese company Capcom, which specialises in the production of video games, recently made headlines for the wrong reasons.
Earlier this month the company faced a ransom attempt, apparently by Ragnar Locker’s gang, and since then the company has been fighting the criminals.
Rumor has it that the crooks opened the auction with eight-digit extortion and demanded $11,000,000 in crypto money in exchange for two items:
- Decryptor to recover encrypted files during the attack.
- A promise not to disclose stolen company data until the files are encrypted.
If what we saw was indeed a ransom from the Capcom attack, the crooks promise nothing.
The wording is more threatening than that and warns in sewn English that… If the transaction does not take place, all your data will be published and/or sold to third parties via an auction.
Of course, swindlers will never be able to prove that they actually delete the stolen files of paying victims; they will never be able to prove that they have not already sold them; and they will certainly never be able to convince a victim that the files they have stolen have not already been stolen from them.
And in this case, the fraudsters didn’t even bother to say they wouldn’t keep the data if they got money for blackmail.
They’re just saying they’re gonna reveal it if they don’t get paid.
The fact that cybercriminals can infiltrate your network does not mean that they can properly protect their own network, or that they feel they have to worry about security unless your files on their servers are stolen and not their hard-earned crypto money.