UPDATE 3/3/24: A Mogilevich spokesperson has confirmed that the whole Epic Games Breach Fiasco was a money-minting scam and is not a ransomware operation.
A new ransomware group has asserted that it has successfully breached Epic Games, a notable game developer and distributor. The group, known as the Mogilevich gang, released the purported details of the hack on their darknet leak site.
“We have quietly carried out an attack to [sic] Epic Games’ servers,”
Mogilevich spokesperson said.
Epic Games is a well-known game developer and distributor recognized for the immensely popular online shooter Fortnite, as well as classic titles like Unreal Tournament and the Gears of War series. Additionally, Epic Games operates its own online marketplace, the Epic Games Store, where they offer games from various developers and publishers.
With a global presence, Epic Games has offices in multiple locations worldwide, including Australia, and also owns several subsidiary companies.
Mogilevich Gang Claims 189 Gigabytes of Stolen Data in Epic Games Breach
The Mogilevich gang asserts that they possess 189 gigabytes of data stolen from Epic Games Breach, including email, passwords, full names, payment information, source code, and more.
This data is currently being offered for sale. A hyperlink on their website prompts interested parties, including Epic Games employees or potential buyers, to click for further information. The link directs to the group’s contact page, which provides a Tox messaging address for communication.
The Mogilevich gang has not specified a specific amount of money in exchange for the data they possess. The current deadline for Epic Games to make the payment or for potential buyers to purchase the data outright is set for March 4th.
Unlike the previous Insomniac Games hack conducted by Rhysida, the Mogilevich gang has not provided any evidence of the Epic Games breach such as proof-of-hack materials.
Epic Games Says Zero Evidence of Ransomware Attack, Was Epic Games Data Breached?
For its part, Epic is unaware of any such incident.
“We are investigating but there is currently zero evidence that these claims are legitimate,”
“Mogilievich has not contacted Epic or provided any proof of the veracity of these allegations. When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof.”
“Mogilevich has not responded. The closest thing we have seen to a response is this Tweet, where they allegedly ask for $15k and “proof of funds” to hand over the purported data.”
Epic Games spokesperson said in a statement.
The Mogilevich gang has added this comment to the leak post for its alleged Epic Games hack.
“For clueless and retarded journalists, I’d like to tell you that we’re not asking EpicGames for $15,000 ransom, that’s the price that’s going to sell,”
“For those who are even more jerks I would like to say that the evidence is private to minimise scams, people could use the samples to impersonate my group, that’s why we show the evidence to people that prove they really have the money to afford it. So, do you think it’s fake? Send me a proof of funds of 15k and you’ll see.”
Mogilevich spokesperson said.
Who is Mogilevich Ransomware?
Mogilevich is a relatively new ransomware threat actor that has gained attention. Epic Games is reportedly the fourth targeted victim by this group, following its attack on Nissan subsidiary Infiniti USA on February 20th of this year.
The gang is believed to have Russian-speaking members. While their activities seem to be self-driven at the moment, they are also promoting themselves as a ransomware-for-hire service, indicating a potential expansion of their operations.
