Contents:
News that Egregor ransomware impacted Crytek enterprise back in October 2020 has been confirmed by the enterprise itself. The company started to notify the affected clients. The threat actors succeeded in getting access to the game developer’s network, the consequences being data theft and system encryption.
Who Is Crytek?
The origins of Crytek are German-based, it is an organization whose activity consists of developing video games and software, having its headquarters in Frankfurt. The company it’s on the market for almost 20 years.
The Crytek Data Breach: What Happened
A Crytek customer that received a notification letter from the company shared it with BleepingComputer publication, confirming that the game developer acknowledged that its customers were victims of a Crytek data breach in 2020 and sent notification letters to those impacted earlier this month. The client’s data was accessed and stolen by those behind Egregor ransomware who later leaked it on their dark website.
What Data Has Been Stolen?
According to the company’s notification, the following data was leaked and impacted some individuals:
- Clients’ first and last name;
- Job position title;
- The name, e-mail, and business address of the company;
- Country;
- Phone number.
What’s the Impact and What Did the Company Say About It?
In the notification received by BleepingComputer, it is specified that the accessed information was encrypted, stolen, and later leaked on the gang’s website. But the company tried to reduce the wave of panic by reassuring its clients that things are not as bad as they seem to be.
Following the Crytek data breach, the enterprise asserted that the website where leaked data was distributed was shady and not very easy to reach, meaning the data was exposed to a few malicious hackers and the hassle and time lost to download it would have prevented people to try to gain access to the information.
The company also says that the danger the download of this compromised data would represent is seen as an obstacle, so users might have avoided downloading it not to infect their systems with malware. What is interesting to note, is that hackers who really wanted to get those leaked data would use a virtual machine and downloader to safely open what they download. Also, they usually get data from this type of website because they want to share it with other cybercriminals.
This means that the company tries to minimize the gravity of the Crytek data breach.
While we are not aware of misues of any information potentially impacted, we are providing this notice as part of our precautions.
News on the Crytek company being affected by Egregor ransomware has been reported back in October 2020 by many publications. According to ZDNet, the Egregor gang hit Crytek and Ubisoft in autumn 2020 and posted the stolen data on their portal. The hackers had documents related to Warface and Arena of Fate game developing processes.
Following a coordinated operation between French and Ukrainian law enforcement, many Egregor gang members were captured in February 2021 in Ukraine. This happened because French authorities managed to identify some ransom payments that were transmitted to some people living in Ukraine. This led to the imprisonment of the hackers reported to be Egregor affiliates that engaged in targeting corporations’ networks and distributing ransomware. What’s interesting is that the Egregor gang started its activity in September 2020 following the Maze ransomware group’s retirement.
Egregor Ransomware: a Closer Look
Our colleague, Elena, wrote about this malware in January 2021. The group behind is based on ransomware-as-a-service attacks. On its victims’ list seemed to be the same ones as those targeted before by Maze and Sekhmet and their main modus operandi consisted in getting access to sensitive data, then encrypt it, and then performing a data leakage on their website to show they are in the possession of vital info. Of course, following the general rules of ransomware attacks, they asked victims to pay a ransom to have their data back.