13 Nov 2020 | Asia Cyber Summary

In the spotlight this week: 

  • Another Alibaba-backed grocer suffers a data breach

  • More ransomware attacks

  • Capcom gets hit by Ragnar Locker Ransomware

  • Laptop maker Compal hit by DoppelPaymer ransomware

  • Ransomware attacks toys with Mattel systems

Alibaba-Backed Bigbasket Suffers Major Data Loss in Cyberattack

Cyber attackers have stolen personal details of millions users of a top Indian internet grocer, Bigbasket, in the latest e-commerce data breach. The stolen data, which includes sensitive information such as email IDs, mobile phone numbers, and full addresses, has been put up for sale on the dark web for more than US$40,000. Bigbasket’s CEO issued a statement noting that they have filed a case with the cyber crime police in India, though he did not confirm the scale of the attack due to the ongoing status of the investigation. 

Capcom Hit by Ragnar Locker Ransomware, 1 TB Allegedly Stolen

Japanese game developer Capcom has suffered a ransomware attack where threat actors claim to have stolen 1 TB of sensitive data from their corporate networks in the US, Japan, and Canada.  Capcom Group networks experienced issues that affected access to certain systems, including email and file servers. The company confirmed that this was due to unauthorized access carried out by a third party and that it has halted some operations of its internal networks since November 2nd.  Since the attack, Capcom has been displaying notices on its site warning visitors that emails and document requests will not be answered due to the attack impacting email systems.

Laptop Maker Compal Hit by Ransomware, US$17 Million Demanded

Taiwanese laptop maker Compal Electronics has suffered a DoppelPaymer ransomware attack last weekend, with the attackers demanding almost  US$ 17 million in ransom. Compal is the second-largest original design manufacturer (ODM) of laptops globally, with well-known companies rebranding their devices or designs, including Apple, HP, Dell, Lenovo, and Acer. Taiwanese media reported that Compal suffered a cyberattack, but the laptop maker claimed it was just an "abnormality" in their office automation system and had immediately worked to patch the vulnerabilities. However, the ransom note has since been made public.

Ransomware Attacks Toys with Mattel Systems

Toymaker Mattel has been the victim of a ransomware attack last July on its information technology systems. Data on a number of systems were encrypted. The company said that it had contained the attack and, although some business functions were temporarily impacted, the security team restored its operations. No sensitive business, retail customer, supplier, consumer, or employee data was exfiltrated.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.