The Egregor group has claimed another victim in their cybersecurity attack spree that started in September 2020. The victim in question is the well-known game developer and publisher Crytek. They confirmed that the Egregor ransomware gang breached their network in October 2020.
This attack resulted in several encrypted systems, and files containing customers' personal information were stolen and later leaked on the dark web. The company described the attack in a letter sent to impacted individuals earlier this month.
Thanks to BleepingComputer, we can see the contents of the letter.
Crytek tried to downplay the impact of the data breach, stating that "the website itself was difficult to identify [..] so that in our estimation, only very few people will have taken note of it." Not only that, but they also speculated that downloading the leaked data would've taken too long and that those who attempted downloading the stolen data were discouraged by the "Huge risk" of compromising their systems with malware embedded in the leaked documents.
I mean, that's cool and all, but don't Virtual Machines exist for a reason? Not to mention, the author of the BleepingComputer article also brings up a valid point about how threat actors like this tend to sell that data to other cybercriminals. Just look at what happened with CD Projekt RED when they were involved in their own cybersecurity incident.
Anyway, the data that Egregor took on their data leak site included:
- Files related to Warface
- Crytek's canceled Arena of Fate MOBA game
- Documents with information on their network operations
In case you're wondering, yes, the nefarious group has hit other gaming companies. Ubisoft was another victim, hit back in October 2020. The group shared files that suggested they had the source code of the then-upcoming game Watch Dogs: Legion and of Arena of Fate. However, the legitimacy of the supposed source code was never confirmed.
Egregor themselves have been known for attacking multiple companies with their ransomware. They were one of the many threats that took advantage of the sudden mass dependency on digital infrastructure caused by the COVID-19 pandemic, and the fact that some of their attacks hit the healthcare sector fits that opportunistic pattern.
As for the ransomware itself, it's a modification of both the Sekhmet ransomware and the Maze ransomware. The attacks are characterized by their brutal yet highly effective double-extortion tactics. According to UpGuard, the cybercrime group steals sensitive data and encrypts it so that the victim cannot access it. They then publish a subset of the compromised data on the dark web as proof of the successful exfiltration.
The victim is then left with a ransom note instructing them to pay a set price within 3 days to prevent further personal data from being published on the dark web. Or, you know, to keep it from potentially being sold off to other criminal organizations. If the ransom is paid before the ultimatum expires, the seized data is fully decrypted.
I'm highlighting all of this information to show that Crytek's attempts at downplaying it hold no water whatsoever. This is a major cybersecurity attack that is threatening the information of several of Crytek's customers. For now, it's best to keep tightening your grip on your personal information. This kind of data is precious to tons of people, and you don't want it to fall into the wrong hands.