{
	"id": "bdf03800-a716-41dd-828c-66a6b43fce0e",
	"created_at": "2026-04-06T00:14:13.099645Z",
	"updated_at": "2026-04-10T03:20:56.959272Z",
	"deleted_at": null,
	"sha1_hash": "c493afe38532e07dddbdf65d8fdc789b5441a7fe",
	"title": "Ubisoft, Crytek data posted on ransomware gang's site",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 190352,
	"plain_text": "Ubisoft, Crytek data posted on ransomware gang's site\r\nBy Written by Catalin Cimpanu, ContributorContributor Oct. 15, 2020 at 10:01 a.m. PT\r\nArchived: 2026-04-05 14:13:22 UTC\r\nA ransomware gang going by the of Egregor has leaked data it claims to have obtained from the internal networks\r\nof two of today's largest gaming companies — Ubisoft and Crytek.\r\nData allegedly taken from each company has been published on the ransomware gang's dark web portal on\r\nTuesday.\r\nImage: ZDNet\r\nDetails about how the Egregor gang obtained the data remain unclear.\r\nRansomware gangs like Egregor regularly breach companies, steal their data, encrypt files, and ask for a ransom\r\nto decrypt the locked data.\r\nHowever, in many incidents, ransomware gangs are also get caught and kicked out of networks during the data\r\nexfiltration process, and files are never encrypted. Nevertheless, they still extort companies, asking victims for\r\nmoney to not leak sensitive files.\r\nUsually, when negotiations break down, ransomware gangs post a partial leak of the stolen files on so-called leak\r\nsites.\r\nOn Tuesday, leaks for both Crytek and Ubisoft were posted on the Egregor portal at the same time, with threats\r\nfrom the ransomware crew to leak more files in the coming days.\r\nFor the Ubisoft leak, the Egregor group shared files to suggest they were in possession of source code from one of\r\nthe company's Watch Dogs games. On its web portal, the group touted they were in possession of the source code\r\nfor the Watch Dogs: Legion game, scheduled to be released later this month. It was, however, impossible to verify\r\nthat these files came from the new game, rather than an existing release.\r\nubisoft-leaked-folder.png\r\nImage: ZDNet\r\nhttps://www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/\r\nPage 1 of 2\n\nFor the past year, security researchers have tried to reach out and notify Ubisoft about several of its employees\r\ngetting phished, with no results, which may provide a clue of how the hackers might have got it.\r\nBut while hackers leaked only 20 MB from Ubisoft, they leaked 300 MB from Crytek, and this data contained a\r\nlot more information.\r\nThe Crytek files included documents that appeared to have been stolen from the company's game development\r\ndivision. These documents contained resources and information about the development process of games like\r\nArena of Fate and Warface, but also Crytek's old Gface social gaming network.\r\ncrytek-leak-folders.png\r\nImage: ZDNet\r\ncrytek-leak.png\r\nImage: ZDNet\r\ncrytek-leak-minutes.png\r\nImage: ZDNet\r\nNeither Ubisoft nor Crytek responded to emails seeking comment on the leaks. None of the companies reported\r\nmajor security incidents weeks, nor any abnormal and prolonged downtimes, suggesting the Egregor intrusion\r\ndidn't likely impact cloud and gaming system, but merely backend office and work networks, where most\r\nransomware incidents usually incur damages.\r\nHowever, in an email interview with ZDNet, the Egregor gang provided more details about the two incidents. The\r\nransomware operators said they breached the Ubisoft network, but only stole data, and did not encrypt any of the\r\ncompany's files.\r\nOn the other hand, \"Crytek has been encrypted fully,\" the Egregor crew told ZDNet.\r\nThe Egregor group said that neither company engaged in discussions, despite their intrusions, and no ransom has\r\nbeen officially requested yet.\r\n\"In case Ubisoft will not contact us we will begin posting the source code of upcoming Watch Dogs and their\r\nengine,\" the group threatened, promising to publish more data in a press release tomorrow.\r\nSecurity\r\nSource: https://www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/\r\nhttps://www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://www.zdnet.com/article/ubisoft-crytek-data-posted-on-ransomware-gangs-site/"
	],
	"report_names": [
		"ubisoft-crytek-data-posted-on-ransomware-gangs-site"
	],
	"threat_actors": [],
	"ts_created_at": 1775434453,
	"ts_updated_at": 1775791256,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c493afe38532e07dddbdf65d8fdc789b5441a7fe.pdf",
		"text": "https://archive.orkl.eu/c493afe38532e07dddbdf65d8fdc789b5441a7fe.txt",
		"img": "https://archive.orkl.eu/c493afe38532e07dddbdf65d8fdc789b5441a7fe.jpg"
	}
}