Cyber Incident Victim: Ubisoft
Date: Oct 2020
Location: France
Summary
The Egregor ransomware group targeted a major game developer, resulting in confirmed data encryption and theft of internal files from Crytek, including unreleased game content and network operations data. The attackers also claimed to have compromised Ubisoft, allegedly exfiltrating source code for an upcoming title and leaking purported game assets, though the legitimacy of this breach remained unverified. Security researchers noted prior unsuccessful attempts to alert Ubisoft about employee phishing vulnerabilities preceding the incident. Both companies experienced operational disruptions and data exposure, with leaked archives publicly distributed by the threat actors.
Description
In October 2020, the Egregor ransomware gang publicly claimed responsibility for cyberattacks targeting two prominent game developers, Crytek and Ubisoft. On or around October 15, 2020, Egregor posted archives allegedly containing stolen data from both companies on their leak site, asserting these were obtained through separate intrusions. The gang leaked a 380MB archive purportedly from Crytek, which included files related to the game WarFace, internal materials from the canceled Arena of Fate project, and network operation details. BleepingComputer confirmed Crytek had suffered a ransomware attack, with files encrypted and renamed using the ".CRYTEK" extension. The attack’s timeline remained unclear, as Crytek did not respond to inquiries. Separately, Egregor claimed to have breached Ubisoft, leaking a 20MB archive described as containing assets and source code for the unreleased game Watch Dogs: Legion. However, BleepingComputer noted the leaked Ubisoft materials lacked verifiable proof of origin and could have been sourced from other channels.

The incident’s impacts included operational disruptions for Crytek due to file encryption and potential exposure of proprietary information. For Ubisoft, the allegations raised concerns about intellectual property compromise, though the legitimacy of the breach remained unverified. Security researcher MalwareHunterTeam disclosed prior attempts to alert Ubisoft about employee phishing incidents over nearly a year, but received no response. Neither company publicly acknowledged the attacks or provided details on containment measures at the time of reporting. BleepingComputer’s attempts to obtain statements from both Crytek and Ubisoft were unsuccessful. The Egregor group’s actions highlighted dual threats of data encryption and extortion through leaks, though Ubisoft’s involvement was never conclusively established.
