New Ransomware Family Egregor attacked Ubisoft and Crytek

October 27, 2020
Ubisoft Crytek Egregor Ransomware Malware

Recently, a new ransomware family group called Egregor has reportedly stolen data from Ubisoft and Crytek – two of the largest gaming companies worldwide. These two gaming companies are well known for popular games such as Assassin’s Creed, Far Cry, and Tom Clancy’s video game series.

Gaming companies are also one of the main targets of cybercriminals worldwide. Companies must understand that security is not an additional expense but a valuable differentiator to protect their brand and reputation.

Ransomware groups intend to attack an organization, steal sensitive data, encrypt the files, and demand ransom money to decrypt the locked data.

According to a study, the new Egregor group appears to have originated from the Sekhmet malware family. Researchers have found similarities between the two, such as shared obfuscation techniques and packed payloads. Obfuscation techniques alter the signature and fingerprint of the malware code, making it difficult for a signature-based antivirus engine to detect. The packed payload, on the other hand, helps the attackers evade sandbox detection, since the Egregor payload is built to decrypt only when the correct key is supplied during execution.


What data did the Egregor Hacker group obtain from the two gaming companies?

Ubisoft is about to release a game called Watch Dogs: Legion later this month. The company has been targeted by several attacker groups for many years and has already been advised on precautions.

The allegedly stolen data from Ubisoft’s Watch Dogs: Legion game was published last Tuesday on Egregor’s dark web portal. The hacker group claims to possess the source code of Watch Dogs: Legion. Although they have published only 20 MB of leaked data on their dark web portal, the group threatens to release the entire source code if Ubisoft does not enter into negotiations.

Researchers have informed Ubisoft that several of its employees have been victims of phishing attacks, which could have been the method the threat actors used to gain access to the network.

With Crytek, the attack was more successful, since the attackers were able to bypass its security and deploy ransomware on Crytek’s systems. They effectively encrypted the Crytek systems, preventing Crytek from accessing its data. While they leaked only a small amount of data from Ubisoft, the hacker group decided to release 300 MB of Crytek data from the Game Development division. The leaked data posted on their dark web portal includes information about the development process of games like Arena of Fate and Warface, and of the old Gface social gaming network.

Egregor’s reported standard distribution methods are infected email attachments (macros), torrent websites, and malicious ads. Once a machine is infected, files are encrypted and renamed with the file extension “.JhWeA”, and a ransom note named RECOVER-FILES.txt is dropped alongside them.
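The two file-system indicators above (the “.JhWeA” extension and the RECOVER-FILES.txt note) are enough to build a simple post-incident hunt. The script below is an added example written for this page, not code from the article or from any vendor; it walks a directory tree, collects both indicators, and flags directories where most files carry the encrypted extension, which separates mass encryption from a single stray file. The sample tree it builds, the `DIR_ALERT_RATIO` threshold, and the function names are all constructed for the demonstration.

```python
"""Hunt a file tree for the Egregor indicators named in the article:
files renamed with the ".JhWeA" extension and ransom notes called
RECOVER-FILES.txt. The sample tree built below is constructed for the demo."""
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".JhWeA"           # extension reported for Egregor-encrypted files
RANSOM_NOTE = "RECOVER-FILES.txt"  # ransom note filename reported in the article
# Constructed threshold (assumption, not from the article): flag a directory
# when at least this share of its regular files carry the encrypted extension.
DIR_ALERT_RATIO = 0.5


def scan_for_egregor_indicators(root):
    """Walk `root` and collect indicator hits.

    Returns a dict with the encrypted file paths, ransom note paths, the
    directories where most files are encrypted (a mass-encryption signal),
    and an overall alert flag."""
    encrypted, notes = [], []
    per_dir_total, per_dir_hit = Counter(), Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            per_dir_total[dirpath] += 1
            # Compare case-insensitively: extension casing varies across reports.
            if name.lower().endswith(ENCRYPTED_EXT.lower()):
                encrypted.append(path)
                per_dir_hit[dirpath] += 1
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(path)
    suspicious_dirs = sorted(
        d for d, total in per_dir_total.items()
        if total and per_dir_hit[d] / total >= DIR_ALERT_RATIO
    )
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "suspicious_dirs": suspicious_dirs,
        "alert": bool(encrypted or notes),
    }


def build_sample_tree():
    """Create a constructed directory layout mimicking a partially
    encrypted file share; returns its root path. Nothing here is real data."""
    root = tempfile.mkdtemp(prefix="egregor-demo-")
    layout = {
        # A project folder the ransomware has worked through: 3 of 4 files hit.
        "projects/engine": ["render.cpp.JhWeA", "physics.cpp.JhWeA",
                            "README.md.JhWeA", RANSOM_NOTE],
        "projects/docs": ["design.docx", "schedule.xlsx"],  # untouched
        # One encrypted file among three: below the directory alert ratio.
        "home/user": ["notes.txt.JhWeA", "photo.jpg", "todo.md"],
    }
    for rel_dir, files in layout.items():
        d = os.path.join(root, rel_dir)
        os.makedirs(d, exist_ok=True)
        for f in files:
            with open(os.path.join(d, f), "w") as fh:
                fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    result = scan_for_egregor_indicators(build_sample_tree())
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run against a real share, the `suspicious_dirs` list is the part worth acting on first: it shows how far the encryption progressed, which helps scope restoration from backups and decide which hosts to isolate.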

The Egregor group has also stated that neither company has engaged in official ransom discussions.

To date, neither Ubisoft nor Crytek has confirmed a security breach, and neither has issued any statement on the reported data leak circulating online.
