Capcom Reveals Ransomware Hack Came from Old VPN


by in General | Apr, 14th 2021

Internet security is something many people online deal with, whether it’s keeping two-factor on all accounts or using a VPN, security is the saving grace that can be the difference between a safe internet experience or a robber holding someone’s data hostage. Capcom recently was a victim of a ransomware hack, and according to a report, an old VPN was to blame.

Ransomware and the Attack on Capcom


For those who are unfamiliar, ransomware is a program that encrypts data from the victim’s computer, forcing them out of personal or confidential documents. The only way to access the data is through an encryption key, which the hacker will most likely have in their possession. The key is usually given back to the victim if they pay a heavy price. In the case of Capcom, that price was $11 million.

The reason the hackers got in?

It was an old VPN that the NA servers were using to keep servers up during Covid-19. As the backup VPN is old, the security was low enough for the hacker group “Ragnar Locker” to enter the VPN and gain access to not only Capcom’s US company network, but some computers that were located overseas in Japan.

Since then Capcom has been focused on recovering the compromised data, issued in a report on their .jp website, Capcom stated this: “As explained in previous announcements, Capcom consulted with law enforcement and determined to not engage the threat actor in negotiations; the Company in fact took no steps to make contact (see the company’s November 16, 2020 announcement)”

Capcom has also provided a diagram to explain how the attack took place.

Diagram of the attack made by the hacker group

For now, it appears as if Capcom has the situation under control, as they’ve focused on not only recovering the data compromised but notifying anyone who was effected by the data breach.

Oddly enough, the press release has also stated that while Capcom knows who is responsible for the attack, they never received a demand for the ransomware hack.

While it is true that the threat actor behind this attack left a message file on the devices that were infected with ransomware containing instructions to contact the threat actor to negotiate, there was no mention of a ransom amount in this file. As explained in previous announcements, Capcom consulted with law enforcement and determined to not engage the threat actor in negotiations; the Company in fact took no steps to make contact (see the company’s November 16, 2020 announcement), and as such Capcom is not aware of any ransom demand amounts.”

The attack on Capcom should serve as a reminder for readers to ensure that they also have proper safety precautions in place on their devices, as to not become another victim of a cyber-attack.

Comments


Leave a Reply