CAPCOM revealed on Tuesday the results of its investigation into the November ransomware attack on its network.
According to IT specialists, a cyberattack was carried out in October on an older backup Virtual Private Network (VPN) device that had been maintained at Capcom U.S.A., CAPCOM’s North American subsidiary. CAPCOM had already introduced a different, new model of VPN devices. However, the subsidiary kept one older VPN device as an emergency backup, due to the burden on the company’s network from the spread of the new coronavirus disease (COVID-19). The older VPN device was the target of the attack, and has since been removed from the network.
Some devices were compromised at both CAPCOM’s U.S. and Japanese offices through the affected old VPN device, which led to information theft. In the final stage of the attack, some devices at its offices were infected with ransomware on November 1 beginning around 11:00 p.m. JST, resulting in the files on affected devices being encrypted. Beginning in the early morning hours of November 2, some of the CAPCOM Group networks experienced issues that affected access to certain systems, including email and file servers.
CAPCOM has taken a variety of measures to strengthen existing security with the aim of preventing a recurrence. This includes implementing a Security Operation Center (SOC) service, which continuously monitors systems and networks, and Endpoint Detection and Response (EDR), which allows for early…