Capcom internal server compromised from old VPN device in USA office

Capcom Explained How Its Internal Server Got Compromised

This article is over 3 years old and may contain outdated information

Capcom published a new update on the ransomware attack inflicted against its internal server in November 2020. It added more details on how the attack happened, as well as announced countermeasures taken to prevent another attack in the future.

Recommended Videos

The cyberattack route was traced back to an old VPN device that was kept for emergency backup. Although Capcom had shifted to newer VPN devices, an older unit was retained at the U.S. office in case the communications networks were to be overburdened by remote works due to the COVID-19 pandemic.

This old device turned out to be the exact entry point for the multi-faceted attack that culminated in ransomware infections on Capcom’s internal servers in both the U.S. and Japan on November 1, 2020. The device in question has since been completely disconnected and disposed of.

How Capcom internal server got compromised

In addition to reviewing the VPN devices, Capcom also enacted more technical and organizational measures to prevent similar attacks in the future. This includes the EDR (Endpoint Detection and Response) and SOC (Security Operation Center) services to detect unusual activities in external connections. The company also newly established the IT Security Oversight Committee and IT Surveillance Section that gather information related to cyber-security and give frequent recommendations to improve its protection standards.

Near the end of the press release, Capcom confirmed that the cybercriminal group left a contact message on infected devices for negotiations. However, the company had no intention to negotiate with the group. Capcom also claimed that it was not aware of any ransom demands, as the message did not include such a mention. This ransomware attack resulted in a leak of information on games under development by Capcom, as well as personal data from more than 15,000 people.

Siliconera is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Image of Kite Stenbuck
Kite Stenbuck
Kite is a Japanese translator and avid gamer from Indonesia, Southeast Asia who learned the language mostly by playing Japanese games from the PS1 era. He primarily translates news about Japanese games and anime straight from Japan. After initially starting with a focus on Dynasty Warriors communities from the mid-2000s, he eventually joined Siliconera in 2020. Other than Dynasty Warriors, Kite is also a big fan of Ace Combat and other games featuring mechs, especially Gundam.