According to Capcom, last year's ransomware attack exploited an "old VPN" that was kept online for Covid-19.

In November 2020, Capcom announced that it had suffered a ransomware attack: hackers broke into the company's servers, encrypted data on devices, and claimed to have downloaded over 1TB of data. According to one malware researcher at the time, the hackers demanded $11 million in bitcoins in exchange for the encryption key.

In its final report on the matter released today, Capcom denied that any specific ransom demand was made and stated that it never had any actual contact with the hackers.

The report includes a timeline of events from the initial detection of the potential problem to the present, as well as a slight decrease in the number of personal accounts confirmed to have been compromised, from 16,415 reported in January to 15,640. This number consists primarily of current and former employees, but also includes thousands of "business partners," which Capcom clarifies do not include customers.

It also explains how the attackers were able to break into Capcom's systems in the first place. According to the company, its worldwide network had recently been upgraded prior to the attack, but an "old backup VPN" was still in use in North America to handle the increased load caused by the Covid-19 pandemic. And like the exhaust vent of an impregnable battle station, it gave attackers a way to get inside and do damage.

"Several devices in both our U.S. and Japan offices were compromised through an old VPN device that affected our North American subsidiary, leading to information theft," Capcom explained. "Capcom has long had perimeter security measures in place and was in the process of implementing defenses such as Security Operation Center (SOC) services and Endpoint Detection and Response (EDR), as described below. However, due to the spread of the COVID-19 infection, we had no choice but to prioritize infrastructure improvement. As a result, the use of these measures was still being verified (not yet implemented) at the time this incident occurred."

That old device is now gone, and Capcom has implemented various technical and organizational measures aimed at reducing the chances of this happening again in the future. Capcom itself has also set up new internal departments, such as the Information Technology Security Monitoring Committee and the Information Technology Monitoring Section, to prepare for potential future threats.

The good news is that the compromised data did not include credit card information, and no part of Capcom's systems related to purchasing or playing games was affected. Capcom stated that "it remains safe for Capcom customers and others to connect to the Internet and play and purchase the company's games online."

Interestingly, the company also revealed that it has never had actual contact with the attackers and has not received the reported $11 million ransom demand.

"While it is true that the threat actor behind this attack left a message file on the ransomware-infected device containing instructions to contact the threat actor and negotiate, there was no mention of a ransom amount in this file. As explained in our previous announcement, Capcom has consulted with law enforcement and has decided not to engage in negotiations with the threat actor. We have taken no steps to make actual contact with ...... As a result, Capcom is not aware of the amount of the ransom demand."

Capcom is contacting those whose information was compromised and has provided contact information for those wishing to inquire about the breach: the North American Capcom Customer Service website at www.capcom.com/support; customers in Europe, the Middle East, and Africa can email [email protected]; and customers in Japan can call 0120-400161. The company also reiterated its "deepest apologies" to customers affected by the attack, and promised to "work with the relevant organizations to further strengthen our management system in order to pursue our legal options regarding criminal activity."
