Epic Games ransomware attack is likely fake – 'zero evidence' so far

907     0
Fortnite developer Epic Games is investigating whether claims of a ransomware attack that stole 200GB of data are real or not (Image: Epic Games)
Fortnite developer Epic Games is investigating whether claims of a ransomware attack that stole 200GB of data are real or not (Image: Epic Games)

Fortnite developer, Epic Games, is looking into claims that it's been hacked by a group which alleges it's stolen 189GB of data that includes sensitive info from source code to user passwords and payment details.

Epic Games may have its hands full with the upcoming season of Fortnite kicking off next week – and a potential live event to boot – but a ransomware group has thrown a spanner in the works with claims of an attack purporting to have stolen almost 200GB of data. The group, dubbed Mogilevich, says it "quietlly carried out an attack" to Epic Games' servers, and that the stolen data includes emails, passwords, full name and payment information of users, source code, and more.

The Epic Games ransomware attack was shared by the Dark Web Informer Twitter account, and BleepingComputer's Lawrence Abrams followed up after speaking with Mogilevich, saying "they are selling the data for 15K and will not provide proof of the breach unless you are looking to purchase it and show 'proof of funds.' Doesn't feel real."

While the group has very helpfully provided a link for interested parties to click on if they want to buy the data – shouting out 'employees of the company' – it doesn't actually appear to have done much in terms of securing its ransom; that's according to Epic at least. The publisher said to Mirror Gaming in a statement:

"We are investigating but there is currently zero evidence that these claims are legitimate. Mogilevich has not contacted Epic or provided any proof of the veracity of these allegations. When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof. Mogilevich has not responded. The closest thing we have seen to a response is this Tweet, where they allegedly ask for $15k and 'proof of funds' to hand over the purported data."

Why Star Wars Jedi: Survivor's six week delay is a good thing eiqexiddiqudinvWhy Star Wars Jedi: Survivor's six week delay is a good thing

The tweet referenced in the statement is Abrams' which recounts his conversation with the group. The deadline for the purchase is cited as Monday, March 4 so if it is real, Epic has to act fast to deal with the threat appropriately.

Who is Mogilevich?

Cyber Daily reported on Mogilevich last week, saying the fledgling ransomware group is new on the scene, with its first attack falling on Tuesday, February 20. Luxury car manufacturer, Infiniti USA (a division of Nissan) was the victim in this instance, and after the initial announcement that it stole 22GB of data, the group said it had sold it just a few days later.

Since then, it's gone on to attack (or at least claiming to have attacked) three more companies, with Epic Games being the most recent. According to Cyber Daily, Mogilevich has a darnet leak site and a possibly defunct Telegram channel, and in its first post on February 18 stated:

"We are Mogilevich, a group dedicated to data extortion. Our agenda is to severely punish companies and corporations that fail to keep their infrastructure under control and security. Our operators are skilled pen-testers and in contrast to other groups like ours in which they lie about their purpose, we agree from the beginning that we are doing it for economic interest"

In relation to the reportedly stolen Infiniti USA data, a post on the Mogilevich Telegram channel said that the data had been sold and that "it would have been better to have paid the ransom. We have no time to waste, new corporations will be added to our blog soon."

Shabana Arif

Print page

Comments:

comments powered by Disqus