Capcom: Ransomware gang used old VPN device
Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.
In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their network.
In a typical fashion for human-operated ransomware attacks, the threat actor stole sensitive information before encrypting devices on the network.
Ragnar Locker stated that they had stolen 1TB of Capcom sensitive data and demanded a ransom of $11 million in exchange for not publishing the information and offering a decryption tool.
Compromised VPN device
Today, Capcom announced that restoring the internal systems affected by the attack is almost finished and that the investigation into the incident has completed.
Investigators discovered that Ragnar Locker operators gained access to Capcom’s internal network by targeting an old VPN backup device located at the company’s North American subsidiary in California.
From there, the attacker pivoted to devices in offices in the U.S. and Japan and detonated the file-encrypting malware on November 1st, causing email and file servers to be taken offline. Below is a simplified depiction of the incident.
Capcom says that it was in the process of boosting network defenses when Ragnar Locker threat actor breached its network. The compromised VPN device was on its way out as new models had been installed.
However, in the background of the pandemic pushing for remote work, the old VPN server continued to function as an emergency backup in case of communication problems.
The company’s final assessment regarding the data breach is that 15,649 individuals have been impacted; that’s 766 fewer people than initially announced in January 2021.
The information did not include payment card details, only corporate and personal data that includes names, addresses, phone numbers, and email addresses. Capcom is currently notifying affected individuals.
Ransom not paid
Regarding the ransom, the game maker says that the threat actor left on encrypted systems a message that did not mention any price, just instructions to contact the attacker to engage in negotiations.
Indeed, ransomware attacks these days rarely give price details in the ransom note. Most of the time, these notes give victims step-by-step instructions on how to get to communicate with the attacker to learn the ransom and start negotiating it.
Capcom says that following consultations with law enforcement, it did not engage the Ragnar Locker ransomware operator and made no effort to contact them. This decision made the attacker leak company data a few weeks after the breach.
The investigation results published today show that the game maker was hit at a bad time, when its efforts to transition to better defenses were slowed down by measures to adapt to the COVID-19 pandemic.
Part of Capcom’s increased security measures since the cyberattack is a security operations center (SOC) service that keeps an eye on external connections and an endpoint detection and response (EDR) system to check for unusual activity on PCs and servers.
Get In Touch
Share On Social Media
Other Recent Blog Articles
Apple Addresses Critical Zero-Day Vulnerabilities Affecting Intel-Based Macs
Apple has addressed two critical zero-day vulnerabilities that were actively exploited by attackers to target Intel-based Macs. The flaws resided in macOS Sequoia’s JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309) components. The…
Read MoreElevating Small Businesses, One Tech Solution at a Time
PDX IT Services, led by industry veteran Steve Shaff, is dedicated to rescuing small businesses from IT chaos. With over 25 years of experience working with Fortune 500 companies and…
Read MorePart 2 with our special guest Victoria Dean – Story Time with Victoria Dean
Join us for Part 2 of our Breaking Down I.T. podcast as we sit down with Victoria Dean, a seasoned IT professional from TAK Consulting. In this episode, we dive…
Read More