Capcom stated in PCMag that last year’s ransomware incident was caused by hackers exploiting an older emergency backup VPN device that had been left unsecured and was in use at its California-based North American subsidiary.
The attack has exposed the personal information of approximately 15,649 individuals, including the company’s employees and business partners.
The video game maker did not specify how the older VPN device was exploited, but the hackers were able to access the company’s internal network in Japan and the U.S. by October. This allowed them to distribute the Ragnar Locker ransomware strain, steal company data and encrypt affected servers in November.
Capcom has since reverified the safety of its current VPNs and removed older devices. Its internal systems are also nearing full restoration.
The cybercriminals attempted to get Capcom to pay a ransom to decrypt the servers, but on the advice of law enforcement the company chose not to engage with the hackers. “As such Capcom is not aware of any ransom demand amounts,” the company stated.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.