Capcom stated in PCMag
that last year’s ransomware incident was caused by hackers who exploited an older emergency backup VPN device that was left unsecured and was used in its California-based North American subsidiary.
The attack has exposed the personal information of approximately 15,649 individuals, including the company’s employees and business partners.
The video game maker did not specify how hackers exploited the older VPN device, but they were able to access the company’s internal network in Japan and the U.S. by October. This allowed them to distribute the Ragnar Locker ransomware strain, steal company data and encrypt affected servers in November.
Capcom has since reverified the safety of its current VPNs and removed older devices. Its internal systems are also nearing full restoration.
The cybercriminals attempted to get Capcom to pay a ransom to decrypt the servers but upon the advice of law enforcement, the company chose not to entertain the hackers. “As such Capcom is not aware of any ransom demand amounts,” the company stated.