Capcom was hacked through an old VPN device

In November 2020, it became known that the Japanese corporation Capcom was hacked through an old VPN device, and the attack affected the business operations of the game developer, including the operation of the email system.

The attack occurred in early November 2020 and affected some of the Capcom Group networks, which caused problems in the operation of a number of systems. For example, the already mentioned e-mail system and access to file servers failed, but the availability of online games and the company’s sites was not affected. Parts of the corporate network appear to have been shut down by Capcom employees themselves to prevent further spread of the threat.

As it turned out later, the company was attacked by the Ragnar Locker ransomware. In a ransom note, the hackers wrote that before encryption began, they stole about 1TB of files from Capcom corporate networks in Japan, the United States and Canada. It was then reported that the hackers demanded a ransom of $11 million from the company.

Initially, it was believed that about 350,000 people were affected by the incident, but later the number of victims decreased to about 16,000 people. The reason was that some of the logs were lost due to the attack, and it was not possible to immediately understand what happened.

Capcom now reports that the recovery of the attacked internal systems is almost complete, as is the investigation of the incident.

Ragnar Locker operators gained access to Capcom’s internal network by attacking an old VPN backup device located at the company’s North American branch in California. From there, the attackers infiltrated devices in offices in the United States and Japan and activated the ransomware on November 1, 2020.

Capcom says that when the attackers entered the network, the company was in the process of strengthening its network defences. The compromised VPN device could be shut down and replaced with a newer model. However, amid the pandemic and the transition to remote work, the old VPN server continued to function, handling emergency backup tasks (in case of communication problems).

According to the company’s final assessment, 15,649 people were affected by the data breach, that is, 766 fewer people than was announced in January 2021. The leaked information did not include payment card details, only corporate and personal information, including names, addresses, phone numbers and email addresses. Capcom is currently notifying all victims.

As for the ransom, it was not paid, and the company claims that the message the attackers left on the encrypted systems did not mention a specific amount at all and only provided instructions on how to contact the hackers to start negotiations.

After consulting with law enforcement, Capcom decided not to contact the Ragnar Locker operators at all, and the hackers leaked the company’s data online a few weeks after the hack.

As I reported, at one time LockBit and Ragnar Locker ransomware operators joined forces.

About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing at Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
