Crytek Was Compromised by Ransomware and Ubisoft Pays the Price

• The “Egregor” ransomware group claims to have hacked both Ubisoft and Crytek, stealing files from the game publishers.
• The malicious actors have already published samples and screenshots of the data but threaten to leak more soon.
• Neither Ubisoft nor Crytek have stated anything on these allegations, so there may or may not have been an attack.

Crytek GmbH, a German game developer who has had extensive partnerships with Ubisoft in the past, has been compromised by the “Egregor” ransomware group. The hackers stole files from the accessed systems, some of which appear to belong to Ubisoft.

The way we know this is because the actors chose to share samples of this data for extortion purposes on their dedicated leak portal, and there’s source code from Ubisoft’s “Watchdogs Legion” in there. “Watchdogs Legion” is a game that is planned for release in about two weeks, so the damage for the game publisher is immeasurable.

Related: Ransomware Outsourcing Is Taking Unprecedented Proportions

The actors have claimed that this particular data actually comes from a separate attack against Ubisoft, but none of this has been officially confirmed. The rest of the 380 MB of the leaked data includes files from “Arena of Fate,” “WarFace,” and various internal network operations of Crytek. “Arena of Fate” is a canceled MOBA game title that was never released, so this is just another piece of evidence that hackers have indeed breached Crytek’s security.

Another scenario about the Ubisoft source code is that the Egregor gang obtained the 20 MB sample from somewhere else. So Crytek isn’t to blame, and no compromise to Ubisoft’s systems ever took place. Since neither Ubisoft nor Crytek cared to state anything about all that is seeing the light, we can only speculate for the time being.

Also, by looking into these source files, one cannot determine the origin and whether the code concerns the final version of the “Watchdogs Legion” game or a beta version shared by Ubisoft with partners.

For what it’s worth, Crytek and Ubisoft continue to offer uninterrupted cloud gaming services to their respective player-bases, so even if they suffered a ransomware attack, it doesn’t seem to have been very catastrophic. It wasn’t even enough to register any user complaints about unannounced downtimes on social media, so this whole thing may be just a stunt by the Egregor gang who could be going after publicity.

From their side, Egregor continues to maintain that Crytek was fully encrypted and that the entire source code of Watch Dogs, along with the game engine, will be released tomorrow. So, whatever the case, we will get to know if this is a bluff or not in less than 24 hours. That is unless Ubisoft negotiates a ransom payment in the meantime.