Ransomware attack on indie game maker wiped all player accounts

Original Source: Bleeping Computer

A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.

Ethyrial: Echoes of Yore is a free-to-play old-school MMORPG developed by indie game publisher 'Gellyberry Studios.'

The title is available on Steam as an 'Early Access' release, meaning it is still in an early development phase and relies on monthly subscriptions and community support to continue its development.

As announced on the game's official Discord channel, ransomware actors attacked the main server and encrypted all data, including local backup drives, demanding payment in exchange for a decryption key.

The game developers do not trust that paying the attackers guarantees the provision of a decryption key, so they decided to restore all affected systems manually.

"Last Friday morning, our server fell victim to a cryptographic ransomware attack, which systematically encrypted all data on the system/local backup drive and left a ransom note to pay in Bitcoin to decrypt the files," reads the announcement.

"In cases like this, hackers will often take a payment and never provide the decryption key. As such, we were forced to rebuild the server and create new account and character databases."

Announcement on Discord
Announcement on Discord (BleepingComputer)

The incident impacts all 17,000 player accounts and their in-game characters, who have been lost now, but Gellyberry says they will manually restore everything that was lost "to the fullest extent possible for everyone affected."

Impacted players will get all their items and progress back, plus a premium "pet" as a gesture of appreciation for their understanding and support.

The game developer also promised to increase the frequency of taking offline account database backups, implement a P2P VPN for all remote access to the development server, and only allow a specific IP address range to access it.

Server availability returned late on Friday, with Gellyberry urging all players to create new accounts and ask for a manual restoration by the dev team by emailing [email protected].

This is not the first time a game publisher has been targeted in ransomware attacks, but they usually impact the company rather than the players.

A notable case of a ransomware attack on a game publisher is the February 2021 attack on 'Cyberpunk 2077' and 'Witcher 3' developer CD PROJEKT RED, carried out by HelloKitty ransomware.

In January 2023, Riot Games, the creator of popular titles like 'League of Legends' and 'Valorant,' faced a ransom demand of $10,000,000 from hackers, who threatened to release stolen source code unless the payment was made.

Source URL: https://www.bleepingcomputer.com/news/security/ransomware-attack-on-indie-game-maker-wiped-all-player-accounts/

Author: Bill Toulas

Leave a Comment