Cyber Incident Victim: Crytek

Date: Oct 2020

Location: France

Summary

Crytek, a game developer based in Germany, was targeted by the Egregor ransomware group, resulting in encrypted files marked with a '.CRYTEK' extension and the theft of internal data, including materials related to WarFace, the canceled multiplayer game Arena of Fate, and network operations. The same attackers leaked purported Ubisoft assets, including Watch Dogs: Legion source code, though the legitimacy of the Ubisoft breach remains unverified despite prior warnings about employee phishing vulnerabilities. The incident involving Crytek, the German company, was confirmed, while the compromise of Ubisoft, the French firm, lacked definitive evidence beyond the ransomware gang's claims.

Description

On or around October 15, 2020, the Egregor ransomware gang executed a confirmed cyberattack against Crytek, a Germany-based game development company. The attackers encrypted files on Crytek's network and appended the ".CRYTEK" extension to compromised files—for example, renaming "test.jpg" to "test.jpg.CRYTEK". While the exact number of affected devices remained undisclosed, the incident involved both data encryption and theft. Egregor subsequently leaked a 380MB archive of stolen Crytek data on their extortion portal, containing files related to the live game WarFace, development materials for the canceled Arena of Fate multiplayer online battle arena (MOBA) project, and internal network operation documents. BleepingComputer verified the ransomware attack through undisclosed sources but could not confirm the intrusion timeline due to Crytek's lack of response to media inquiries. The company did not publicly acknowledge the incident or provide details regarding containment efforts, recovery actions, or potential operational disruptions.

In parallel, Egregor claimed responsibility for breaching Ubisoft, a France-based game developer, alleging theft of source code for the unreleased Watch Dogs: Legion title. The group leaked a 20MB archive purportedly containing Watch Dogs-related assets, though BleepingComputer noted these files lacked verifiable proof of origin and could have been sourced from non-Ubisoft channels. Security researcher MalwareHunterTeam disclosed prior attempts to alert Ubisoft about employee phishing incidents over nearly a year, receiving no response. Ubisoft did not confirm the alleged breach or data legitimacy, and like Crytek, did not reply to media requests for comment. The incidents highlighted Egregor's dual strategy of encrypting victim systems while exfiltrating and leaking unencrypted data to pressure organizations into paying ransoms.
