This week, the operators of the Egregor ransomware published data on their darknet website that was allegedly stolen from the largest game developers, Ubisoft and Crytek. How exactly this information got into the hands of the criminals is still unclear.
As a rule, ransomware groups like Egregor break into companies, steal data, encrypt files and then demand a “double ransom”: one payment for decrypting the files and another for not disclosing the stolen data. However, hackers are often caught in the process of attacking and stealing data; that is, they manage to steal information but not to encrypt files. In such cases, the criminals still extort money from the companies, threatening otherwise to publish the confidential files in the public domain.
Journalists from ZDNet report that they managed to ask the attackers a few questions, and the attackers confirmed that they had hacked the Ubisoft network but had only stolen data and had not encrypted the company's files. At the same time, the hackers reported that "Crytek was completely encrypted."
After releasing a small portion of the Ubisoft and Crytek files, Egregor said they had much more at their disposal and threatened to "leak" more data in the coming days if the company did not get in touch and pay the ransom.
In particular, the hackers have published only 20 MB of files allegedly stolen from Ubisoft, but claim that they have the source code for the game Watch Dogs: Legion, which is scheduled for release later this month. However, there is no reliable evidence of this yet.
As for Crytek, more files were published: 300 MB in total. They include documents clearly stolen from the company's development department. These papers contain information on the development process for games such as Arena of Fate and Warface, as well as the old social network Gface.
Neither Ubisoft nor Crytek has commented on the situation at this time. Moreover, in recent years, neither company has reported serious security problems, and their work has not experienced any prolonged downtime or disruptions. The Egregor attack therefore apparently did not have a strong impact on the companies' work.