The ransomware group that hacked Capcom has been taken down by international police

The ransomware group responsible for a Capcom data breach in 2020 has been “taken down” in an international police operation, with its key member arrested.

According to Europol, the criminal group Ragnar Locker, which was responsible for a ransomware strain of the same name, “made a name for itself by attacking critical infrastructure across the world, having most recently claimed the attacks against the Portuguese national carrier and a hospital in Israel”.

The group also targeted Capcom in November 2020, in an attack that saw hundreds of thousands of pieces of personal data stolen from its servers, including the names and addresses of customers and former employees.

However, in an operation involving law enforcement and judicial authorities from 11 countries, the group’s “key target” was arrested in Paris, and his home in Czechia was searched, while five further suspects in Spain and Latvia were also interviewed.

The group’s ransomware infrastructure was also taken down in the Netherlands, Germany and Sweden, and its data leak website was removed too.

As originally reported in 2020, Capcom was targeted by Ragnar Locker when it was sent a message demanding money in exchange for data stolen from its servers.

At the time, media reports claimed that over 1TB of data had been stolen during the hack and that the hacker group was demanding $11m in bitcoin for return of the files. If no deal was made, then the data was to be published or sold.

Following an investigation into the hack, Capcom said the total number of accounts confirmed to definitely have been compromised was 15,649.

It also estimated that the potential maximum number of customers, business partners and other external parties whose personal information may have been compromised in the attack was approximately 390,000 people.