Capcom, known for multi-million-selling game franchises, announced in November 2020, that it had been hit by a ransomware attack: Hackers gained access to the company's servers, encrypted data on its devices, and claimed to have downloaded over 1TB of data. According to a malware researcher, the hackers also left behind a demand for $11 million in Bitcoin in exchange for the encryption key.
In its final report on the matter, the good news is that no credit card information was compromised, and the attack did not affect any of Capcom's systems related to buying or playing games. "It remains safe for Capcom customers or others to connect to the internet to play or purchase the company's games online," Capcom stated.
Interestingly, it also clarified that it was never actually in contact with the attackers, and had not received the reported $11 million ransom demand. The report provides a timeline of events from the initial discovery of possible issues to the present, as well as a small decrease in the number of user accounts confirmed as compromised: 15,640, down from 16,415 in January. This figure includes current and former staff, as well as a few thousand "business partners," which Capcom explained do not include customers.
The company mentioned that its global networks had been revamped before the attack, but an "older backup VPN" was still in use in North America to help it handle the increased load caused by the Covid-19 pandemic. "Some devices were compromised at both the Company's US and Japanese offices through the affected old VPN device at the Company's North American subsidiary, leading to the theft of information," Capcom explained.
"While the Company had ..