Attackers Target Gaming as the Latest ‘Always On’ Industry Impacted by Ransomware

Game developers Ubisoft and Crytek were victims of ransomware attacks carried out by the Egregor ransomware gang in October. Files from Crytek’s game development division were encrypted, and the threat actors threatened to release Ubisoft’s source code for their upcoming title Watch Dogs, a game which is about a hacker taking revenge through acts of violence. More recently, Capcom disclosed that an unauthorized intrusion caused issues for email and file servers, although they do not believe customer information was stolen. Experts do not currently believe these attacks are unusual, although with the increased risk of COVID-19 keeping people indoors, the gaming industry could become a more frequent target. These attacks not only hurt the company; attackers can also steal user data for the purpose of selling credentials, enabling account takeovers, credential stuffing attacks and phishing schemes.

Analyst Notes

Threat actors have always targeted companies and services that need to always ‘be on’, such as critical infrastructure. Video games with online platforms often operate 24/7. That makes them attractive targets for cyber-attacks, because a delay in service can lead to an enormous revenue loss. Additionally, shutting down a game server for even a few hours could lead to players jumping to a new game or platform. These financial risks make companies more vulnerable to threat actors’ extortion demands and might convince company leaders to pay the ransom if it seems that doing so will restore services more quickly. However, paying ransoms can just lead to more targeted attacks and higher extortion demands in the future if criminals sense a willingness by the company to keep paying. A better approach is to implement a robust security program that keeps attackers from getting in or doing damage through long-lived intrusions in the first place, and to maintain redundant systems and a disaster recovery plan to minimize damage and downtime if an attack makes it through all the layers of defense.