Capcom’s plans for new games, including Resident Evil Village’s launch, plus the source code of some games and other corporate financial secrets were leaked overnight Sunday by a ransomware attack that began on Nov. 2.
The company confirmed the attack (but not the leaked details) in a news release on Monday morning, warning that the personal information of as many as 350,000 persons had been compromised. This potentially includes information for both customers, shareholders, and employees.
A copy of the ransom note Capcom received was posted to Resetera; a group called Ragnar Locker claimed responsibility. The BBC reported that Ragnar Locker’s dark web page, where the trove of information was dumped, indicated that Capcom had refused to pay the ransom.
Users on Resetera also noted that some of the information appears to come from 2018, so Capcom’s plans for the games mentioned may have changed since then.
But, according to the ransomed leaks, Resident Evil Village is planned for an April 2021 launch. Monster Hunter Stories 2 is also slated for June 2021 on Nintendo Switch, and it will launch on PC as well.
There’s also a battle royale-type multiplayer Resident Evil on the way, according to leaked information. An Ace Attorney collection for PlayStation 4 and Nintendo Switch is said to be in the works, and Monster Hunter Rise will follow its March 2021 launch on Switch with an October 2021 launch on PC.
Most intriguing, the hackers exposed the payments made to Capcom for putting its games on certain platforms. Internal documents said Google Stadia paid Capcom $10 million for Resident Evil 7 and Resident Evil 8, and Sony paid $5 million for Capcom to make Resident Evil 7 for Playstation VR, plus a timed exclusive on the game’s DLC.
Capcom’s statement on Monday morning confirmed that sales reports and financial information were verified as compromised. It has not confirmed exactly how much information was revealed in the leak, but specified that “none of the at-risk data contains credit card information.”
The company said it is continuing its investigation of the incident. The attack was detected on Nov. 2, and it “destroyed and encrypted data” on its internal servers, Capcom said.
“Investigation and analysis of this incident took additional time due to the targeted nature of this attack, which was carried out using what could be called tailor-made ransomware,” Capcom said, “as was covered in some media reports, aimed specifically at the company to maliciously encrypt the information saved on its servers and delete its access logs.”
The leak also exposed three untitled projects underway, but few of their details: “Guillotine,” expected or Switch in February and other platforms in May; “Reiwa,” platforms unknown, in May; and “Shield,” a multiplayer shooter aimed at streaming players.