In November 2020, it became known that the Japanese corporation Capcom was hacked through an old VPN device, and the attack affected the business operations of the game developer, including the operation of the email system.
The attack occurred in early November 2020 and affected some of the Capcom Group networks, which caused problems in the operation of a number of systems. For example, failures occurred with the already mentioned e-mail and access to file servers but did not affect the availability of online games and the company’s sites. Parts of the corporate network appear to have been shut down by Capcom employees themselves to prevent the further spread of the threat.As it turned out later, the company was attacked by the Ragnar Locker ransomware. In a ransom note, the hackers wrote that before encryption began, they stole about 1TB of files from Capcom corporate networks in Japan, the United States, and Canada. Then it was reported that the hackers demanded from the company a ransom of $11 million.
Initially, it was believed that about 350,000 people were injured during the incident, but later the number of victims decreased to about 16,000 people. The point was that some of the logs were lost due to the attack, and it was not possible to immediately understand what happened.
Ragnar Locker operators gained access to Capcom’s internal network by attacking an old VPN backup device located at the company’s North American branch in California. From there, the attackers infiltrated devices in offices in the United States and Japan and activated the ransomware on November 1, 2020.
Capcom says that when the attackers entered the network, the company was in the process of strengthening its network defenses. The compromised VPN device could be shut down and replaced with a newer model. However, amid the pandemic and the transition to remote work, the old VPN server continued to function and work with emergency backup tasks (in case of communication problems).
According to the company’s final assessment, 15,649 people were affected by the data breach, that is, 766 fewer people than was announced in January 2021. The leaked information did not include payment card details, only corporate and personal information, including names, addresses, phone numbers and email addresses. Capcom is currently notifying all victims.
As for the ransom, it was not paid, and the manufacturer claims that the attackers left a message in the encrypted systems that did not mention a specific amount at all, and only provided instructions on how to contact the hackers to start negotiations.
After consulting with law enforcement, Capcom decided not to contact the Ragnar Locker operators at all, while the hackers leaked the company’s data to the network a few weeks after the hack.
As I reported, at one time LockBit and Ragnar Locker ransomware operators joined forces.
