Video game maker Capcom has uncovered how its servers became infected with ransomware in November—the hackers exploited an unsecured VPN device, enabling them to break in.
On Tuesday, the company posted an update on the attack, which encrypted some of the company’s servers. At least 15,649 people, including employees and business partners, had their personal information exposed in the incident.
According to Capcom, the hackers infiltrated its network by targeting an “older backup VPN device” located at the company’s North American subsidiary in California. Capcom had been in the midst of phasing out the older VPN devices for a newer model when the COVID-19 pandemic began to worsen in the state.
“One of the aforementioned older VPN devices remained solely at this North American subsidiary as an emergency backup in case of communication issues,” the company said.
Capcom didn’t identify the VPN device’s name or model. But it appears the company was using the VPN as a security gateway for employees to gain remote access to corporate servers. However, VPNs can themselves be vulnerable to hacking: an attacker can break in by learning a user’s password or by leveraging known flaws in the software.
Capcom did not say how the older VPN device was exploited. But by October, the hackers had managed to infiltrate Capcom’s internal network in both the US and Japan through the VPN. The cybercriminals then stole company data and spread the Ragnar Locker ransomware strain, encrypting the affected servers in early November.
Capcom has since removed the older VPN devices. The company has also “reverified” the safety of its existing VPNs. In addition, the company’s internal systems are almost completely restored.
The hackers had tried to extort Capcom into paying a ransom to free the encrypted servers. But after consulting with law enforcement, the video game maker decided not to reply to the hackers. “As such Capcom is not aware of any ransom demand amounts,” the company added.