{"id":2804,"date":"2021-08-11T14:06:52","date_gmt":"2021-08-11T08:36:52","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2804"},"modified":"2021-08-11T14:06:54","modified_gmt":"2021-08-11T08:36:54","slug":"egregor-ransomware-gang-hijacked-information-from-customers-crytek","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/","title":{"rendered":"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek"},"content":{"rendered":"\n
Game developer and author Crytek has confirmed that the Egregor ransomware gang hijacked its network in October 2020, encoding systems and hijacking files containing customers\u2019 personal information later hijacked on the group\u2019s dark web leak sites.<\/p><\/p>\n\n\n\n
The organizers acknowledge the attack in breach notifications letter sent to impacted victims earlier this month and transmitted by one of the victims with our experts today. <\/p><\/p>\n\n\n\n
\u201cWe want to inform you that Crytek was the victim of a ransomware attack by some unknown cyber-criminals,\u201d Crytek said in a letter mailed to one of their customers impacted in the incident.<\/p><\/p>\n\n\n\n
\u201cDuring that attack certain information had been encoded and hijacked from our network. We took urgent action to avoid the encryption of our systems, further secure our environment, and initiate and external researches into the incident.\u201d<\/p><\/p>\n\n\n\n
Crytek confirmed that Egregor operators later leaked documents hijacked during the incident on their data leak site. \u201cBased on our researchers, the data in some case included individuals\u2019 first and last name, job title, company name, email, business address, phone number and country,\u201d Crytek revealed.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
How Data Hijack Impact Downplayed?<\/strong><\/h2>\n\n\n\n
The game developer tried to reassure affected customers by saying \u201cthe website itself was so hard to identify, so that in our estimation, only few people will have taken note of it.\u201d Crytek added downloading the leaked information would have also taken too long, which would have also likely represented a significant difficulty that stopped people from trying to grab it.<\/p><\/p>\n\n\n\n
Crytek also believes that those who tried downloading the hijacked information were discouraged by the \u201chuge risk\u201d of negotiating their systems with malware embedded in the leaked documents.<\/p><\/p>\n\n\n\n
While these points would make sense for users with little to no experience in using computers, most of the users who would want to know how to get their hands on this type of information would likely use downloader\u2019s and launch the leaked files in a virtual machine.<\/p><\/p>\n\n\n\n
Moreover, threat actors mostly download files leaked on ransomware data leaks to sell or share with other cybercriminals. Considering this Crytek\u2019s attempts to downplay the seriousness of data hijack resulting from the October 2020 ransomware attack does not hold water. <\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
The hijacked data leaked by Egregor on their data leak site included:<\/p><\/p>\n\n\n\n
File related to WarFace<\/li>
Crytek\u2019s canceled Arena of Fate MOBA game<\/li>
Documents with data on their network operations <\/li><\/ul>\n\n\n\n
Other popular organizations across the world attacked by Egregor in the past include Barnes and Noble, Kmart, Cencosud, Randstad, and Vancouver\u2019s TransLink metro system.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
Egregor Partners Arrested in Ukraine<\/strong><\/h2>\n\n\n\n
In February 2021, some members of the Egregor ransomware operation were arrested in Ukraine following a joint operation between French and Ukrainian law enforcement. Law enforcement officers made the arrests after French authorities could trace ransom payments to individuals located in Ukraine. <\/p><\/p>\n\n\n\n
The arrested individuals are believed to be Egregor affiliates whose job was to hack into corporate networks and set up the ransomware. At times, Our experts were told by threat actors that Maze\u2019s affiliates switched to Egregor\u2019s RaaS, permitting the new RaaS to open with experienced and skilled hackers.<\/p><\/p>\n\n\n\n
Egregor operates as a ransomware-as-a-service (RaaS) where the ransomware developers partner with affiliates who conduct the attacks, splitting the ransom payments.<\/p><\/p>\n\n\n\n
As a part of this arrangement, the core team earns between 20-30% of all paid the ransom, while affiliates pocketed the other 70-80%. A Cybersecurity firm Kivu said in a February report that Egregor has 10-12 core members and 20-25 semi-exclusively vetted members, and it amassed more than 200 victims since its September launch.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
Game developer and author Crytek has confirmed that the Egregor ransomware gang hijacked its network in October 2020, encoding systems and hijacking files containing customers\u2019 personal information later hijacked on the group\u2019s dark web leak sites. The organizers acknowledge the attack in breach notifications letter sent to impacted victims earlier this month and transmitted by […]<\/p>\n","protected":false},"author":2,"featured_media":2806,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"yoast_head":"\n
Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Game developer and author Crytek has confirmed that the Egregor ransomware gang hijacked its network in October 2020, encoding systems and hijacking files containing customers\u2019 personal information later hijacked on the group\u2019s dark web leak sites. The organizers acknowledge the attack in breach notifications letter sent to impacted victims earlier this month and transmitted by […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-11T08:36:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-11T08:36:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Egregor-Ransomware-Gang-Hijacked-Information-from-Customers\u2013Crytek-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek\",\"datePublished\":\"2021-08-11T08:36:52+00:00\",\"dateModified\":\"2021-08-11T08:36:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/\"},\"wordCount\":604,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Breaches\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/\",\"url\":\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/\",\"name\":\"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-08-11T08:36:52+00:00\",\"dateModified\":\"2021-08-11T08:36:54+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/","og_locale":"en_US","og_type":"article","og_title":"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek - Xiarch Solutions Private Limited","og_description":"Game developer and author Crytek has confirmed that the Egregor ransomware gang hijacked its network in October 2020, encoding systems and hijacking files containing customers\u2019 personal information later hijacked on the group\u2019s dark web leak sites. The organizers acknowledge the attack in breach notifications letter sent to impacted victims earlier this month and transmitted by […]","og_url":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-08-11T08:36:52+00:00","article_modified_time":"2021-08-11T08:36:54+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Egregor-Ransomware-Gang-Hijacked-Information-from-Customers\u2013Crytek-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek","datePublished":"2021-08-11T08:36:52+00:00","dateModified":"2021-08-11T08:36:54+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/"},"wordCount":604,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Breaches"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/","url":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/","name":"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-08-11T08:36:52+00:00","dateModified":"2021-08-11T08:36:54+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/egregor-ransomware-gang-hijacked-information-from-customers-crytek\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Egregor Ransomware Gang Hijacked Information from Customers \u2013 Crytek"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2804"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2804"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2804\/revisions"}],"predecessor-version":[{"id":2810,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2804\/revisions\/2810"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2806"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2804"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2804"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2804"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Egregor-Ransomware-Gang-Hijacked-Information-from-Customers\u2013Crytek-image2\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Egregor-Ransomware-Gang-Hijacked-Information-from-Customers\u2013Crytek-image1-1024x587.jpg\")
<\/figure><\/div>\n\n\n\n![\"Egregor-Ransomware-Gang-Hijacked-Information-from-Customers\u2013Crytek-image1\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Egregor-Ransomware-Gang-Hijacked-Information-from-Customers\u2013Crytek-image-1024x422.jpg\")
<\/figure><\/div>\n\n\n\n![\"Egregor-Ransomware-Gang-Hijacked-Information-from-Customers\u2013Crytek-image3\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Egregor-Ransomware-Gang-Hijacked-Information-from-Customers\u2013Crytek-image3.jpg\")
<\/figure><\/div>\n\n\n\n