Posts on the Egregor gang’s dark web portal confirm the sensitive hack. It shows data allegedly seized from Ubisoft and Crytek network. These are two of the biggest gaming companies, and such a leak can be fatal, not only for the company, but also for the users. Egregor’s means of getting the sensitive data still remains a mystery.
It is not unusual for ransomware gangs to break into company networks, steal their data, encrypt files, and then ask for a ransom for data recovery and decryption. Often, ransomware gangs are caught and kicked out of the systems while they are in the process of the hack, and files are never encrypted. Still, they extort companies and ask for ransom, in exchange for not leaking data on ‘leak sites’. On Tuesday, leaks for Ubisoft and Crytek were posted on the Egregor portal simultaneously. They threatened to leak more files soon.
The Ubisoft files suggest that the Egregor group has the source code of one of the Watch Dogs games. They touted to be in possession of source code for Watch Dogs: Legion, which is scheduled to release later in October. However, the doubt remains uncleared, whether the files are from the new game, or are from an existing game. In the past year, security researchers have tried to alert Ubisoft about several of its employees getting phished, but to no avail. Ubisoft took no notice of the fact and did not act accordingly. This might have probably let the hackers make their move to exploit the weak security and steal sensitive data.
The Crytek files that were posted on the portal seem to be from the game development division. These had information about games like Arena of Fate and Warface, and also Crytek’s old Gface social gaming network. While only 20 MB data from Ubisoft was released, Crytek’s share of insult and embarrassment sized around 300 MB.
Neither of the companies responded to emails that sought information related to the leaks. Nor did they report major security incidents in weeks, or any abnormal and prolonged downtime. This means that the Egregor intrusion did not impact cloud and gaming systems, but rather only affected the backend office and work networks, like most ransomware attacks.
In an email interview, the Egregor gang provided more light on what they have performed. They confirmed having breached the Ubisoft network, but only stole it, and did not encrypt any data. The Egregor crew, however, stated, “Crytek has been encrypted fully.” Despite their intrusion, neither company has engaged in a discussion.
Egregor group threatened, “In case Ubisoft will not contact us we will begin posting the source code of upcoming Watch Dogs and their engine,” and promised to publish more data soon.