Capcom Reveals Ransomware Hack Came from Old VPN


Cole Travis
in General | Apr, 14th 2021

Internet security is something many people online deal with. Whether it’s keeping two-factor authentication on all accounts or using a VPN, security can be the difference between a safe internet experience and a robber holding someone’s data hostage. Capcom was recently the victim of a ransomware hack, and according to a report, an old VPN was to blame.

For those who are unfamiliar, ransomware is a program that encrypts data on the victim’s computer, locking them out of personal or confidential documents. The only way to access the data is with an encryption key, which the hacker will most likely have in their possession. The key is usually given back to the victim if they pay a heavy price. In the case of Capcom, that price was 11 million USD.

The reason the hackers got in?

It was an old VPN that the NA servers were using to keep servers up during Covid-19. Because the backup VPN was old, its security was low enough for the hacker group “Ragnar Locker” to enter the VPN and gain access to not only Capcom’s US company network, but also some computers located overseas in Japan.

Since then, Capcom has been focused on recovering the compromised data. In a report issued on their .jp website, Capcom stated this: “As explained in previous announcements, Capcom consulted with law enforcement and determined to not engage the threat actor in negotiations; the Company in fact took no steps to make contact (see the company’s November 16, 2020 announcement)”.

Capcom has also provided a diagram to explain how the attack took place.

Diagram of the attack made by the hacker group

For now, it appears as if Capcom has the situation under control, as they’ve focused on not only recovering the compromised data but also notifying anyone who was affected by the data breach.

Oddly enough, the press release has also stated that while Capcom knows who is responsible for the attack, they never received a demand for the ransomware hack.

While it is true that the threat actor behind this attack left a message file on the devices that were infected with ransomware containing instructions to contact the threat actor to…