The investigation into 2020's Capcom ransomware attack has finally ended. One of the key causes behind the Capcom cyberattack was the COVID-19 pandemic — more specifically, the need to work from home.
Late last year, Capcom was hit by a cyberattack that reportedly resulted in more than 1TB of data being held hostage. These kinds of attacks typically demand a ransom and threaten to permanently delete files or release confidential information. Capcom immediately disclosed the nature of the attack, refused to pay up, and ultimately saw some of its confidential information released to the public. Now, the Japanese company has concluded an investigation into the root cause of the cyberattack.
How the Capcom Ransomware Attack Happened
As strange as it may sound, the COVID-19 pandemic was one of the driving causes behind the Capcom ransomware attack. It wasn't the pandemic itself per se; rather, it was the need to work from home and an old VPN device.
Capcom, like many companies, had to scramble to shift to a remote work scheme once the pandemic picked up in early 2020. This meant that its office workers would need to be able to securely access company files and that was done through a VPN.
At the time, Capcom had already replaced an older-model VPN device with a newer one. The strain on the company's network, however, was rather intense indeed and Capcom left the older VPN unit online as a backup just in case. Unfortunately, it was this older backup device that proved to be a vulnerability.
Criminals managed to gain access through this older VPN by installing ransomware on company computers. From there, the cybercriminals were able to vacuum up confidential company information including future planned releases and personal information of some company employees.
Capcom's IT team managed to quickly discover the problem and shut down the network, but it was too late — some of the confidential information had been captured by hackers and the ransomware demand was sent to them, ultimately leading to the subsequent public leaks.
Capcom Cyberattack Leads to Tightened Security
Could the company have prevented the Capcom ransomware attack? It's certainly possible, but it wouldn't have been easy; specialist companies hired to investigate the attack ultimately concluded that it was "a malicious, multi-faceted attack that would be difficult to defend against." It now has a better handle on things and has subsequently tightened security in the aftermath.
To start, the offending VPN device that opened the door for hackers was removed from the network as soon as the problem was sourced; this device is no longer connected and this particular vulnerability has been closed for good. The team working to secure the company's network subsequently evaluated all of the VPN devices and the network as a whole to ensure its security.
Going forward, a Security Operation Center service was introduced, adding several extra defensive measures including EDR (Endpoint Detection and Response) and better management of VPN logs to quickly detect any similar attacks in the future before any real damage can be done.
As for the fallout from the Capcom ransomware attack, the company can't do much about the information that has already been made public. That said, no customer credit card data has been released and any and all employees who may have had personal information leaked have been contacted by the company; an option for concerned employees to contact Capcom remains available.
Finally, there's the financial concern. Capcom does not believe that these attacks will cause any changes to its financial forecast or future business plans. That said, it plans to "swiftly make an announcement" should this change. You can read the full Capcom ransomware investigation on the company's official website.
What do you think of the Capcom cyberattack investigation's results? Do you think its response in the aftermath of the cyberattack was adequate? Let us know in the comments below!