Capcom, known for multi-million-selling game franchises, announced in November 2020 that it had been hit by a ransomware attack: hackers gained access to the company's servers, encrypted data on its devices, and claimed to have downloaded over 1TB of data. According to a malware researcher, the hackers also left behind a demand for $11 million in Bitcoin in exchange for the encryption key.
The good news in Capcom's final report on the matter is that no credit card information was compromised, and the attack did not affect any of Capcom's systems related to buying or playing games. "It remains safe for Capcom customers or others to connect to the internet to play or purchase the company's games online," Capcom stated.
Interestingly, it also clarified that it was never actually in contact with the attackers, and had not received the reported $11 million ransom demand.
The report provides a timeline of events from the initial discovery of possible issues to the present, and it shows a small decrease in the number of user accounts confirmed as compromised: 15,640, down from 16,415 in January. This figure includes current and former staff, as well as a few thousand "business partners," which Capcom explained do not include customers.
The company mentioned that its global networks had been revamped before the attack, but an "older backup VPN" was still in use in North America to help it handle the increased load caused by the Covid-19 pandemic.
"Some devices were compromised at both the Company's US and Japanese offices through the affected old VPN device at the Company's North American subsidiary, leading to the theft of information," Capcom explained.
"While the Company had existing perimeter security measures in place and, as explained below, was in the process of adopting defensive measures such as a SOC [Security Operation Center] service and EDR [Endpoint Detection and Response], the Company had been forced to prioritize infrastructure improvements necessitated by the spread of COVID-19. As a result, the use of these measures was still in the process of being verified (not yet implemented) at the time this matter took place."
The old system is no longer in use, and Capcom has put in place several technological and organizational steps to reduce the chances of anything similar occurring again in the future. Capcom has introduced new internal divisions, including an Information Technology Security Oversight Committee and an Information Technology Surveillance Section, to stay on top of possible future threats.
"While it is true that the threat actor behind this attack left a message file on the devices that were infected with ransomware containing instructions to contact the threat actor to negotiate, there was no mention of a ransom amount in this file," Capcom wrote.