Data belonging to major gaming companies Ubisoft and Crytek has been leaked by a ransomware group. The group, which calls itself Egregor, says it got the data from Ubisoft and Crytek's internal networks.
What data has been stolen from Ubisoft and Crytek?
According to ZDNet, the Ubisoft data stolen by Egregor seems to imply that the group has access to source code from a Watch Dogs game. It's impossible to determine which game it is, as the folder purported to show the data only makes reference to the generic Watch Dogs brand name. It does, however, contain several assets seemingly related to character customization, animations, and other art assets. Egregor itself has claimed it has the source code for the upcoming Watch Dogs Legion, but we don't know if this is what's being shown in the folder.
The Crytek leak was perhaps more severe, as Egregor obtained over 300MB of data from that studio compared to the 20MB it managed to take from Ubisoft. Egregor's stolen Crytek data includes assets and information regarding ongoing Crytek projects like free-to-play MOBA Arena of Fate and FPS Warface, as well as info pertaining to "social gaming network" Gface. In addition to assets, Egregor also managed to get hold of internal production documents and meeting minutes.
How did this ransomware group steal the data?
Ransomware groups generally operate thusly: stealing a company's data, encrypting files so they're useless to the original owner, then asking for payment in order to decrypt said files. Egregor says it breached both Ubisoft and Crytek's networks. In the case of Ubisoft, Egregor stole the data, but didn't encrypt the files. Conversely, the Crytek files they took have "been encrypted fully". Egregor also says that neither Ubisoft nor Crytek have "engaged in discussions" with the group about the data, and a ransom hasn't officially been requested. If Ubisoft doesn't contact Egregor, the group is threatening to release source code for Watch Dogs: Legion, which it claims it possesses.
According to ZDNet, neither Ubisoft nor Crytek responded to emails requesting comment on these leaks. Neither company reported security breaches, either, suggesting that the impact of this ransomware attack was limited to behind-the-scenes office data and backend work. We'll have more for you on this data breach as we get it.
What do you think about this ransomware attack? Let us know in the comments below!