In an update about the ransomware attack last year, Capcom provided new details on how the hackers penetrated its network, compromised devices, and stole the personal information of thousands of users.
The attack took place in early November 2020. Ragnar Locker ransomware hit Capcom and forced the company to shut down portions of its network. Threat actors stole sensitive information and then encrypted data on the network devices.
Ragnar Locker allegedly stole 1TB of Capcom’s sensitive data and demanded $11 million in exchange for decrypting the data and not publishing it.
Today, the game maker said the company is almost done restoring the internal systems affected by the attack and investigating the incident.
The investigation showed that the attack operators compromised Capcom’s internal network by penetrating an old VPN backup device managed by a subsidiary in California.
The attackers then spread to devices in offices in the U.S. and Japan and, on November 1st, dropped file-encrypting malware. Once the data was encrypted, Capcom’s email and file servers were knocked offline.
Capcom says the compromised VPN device was slated for removal soon, and new models had already been installed. The company said the old VPN server functioned as an emergency backup in case of communication problems due to heightened demand tied to the shift to remote work.
The company estimated that 766 fewer people were impacted than it initially announced in January 2021 (15,649 individuals).
The information included only corporate and personal data like names, addresses, phone numbers, and email addresses and did not include payment card details.
Regarding the ransom, Capcom said that after consultations with law enforcement, it did not contact the Ragnar Locker operators to discuss it. As a result, the attackers leaked company data a few weeks later.