Crytek Confirms The Egregor Ransomware Attack In 2020

Egregor leaked customers' personal information on the dark web!

Crytek is a well-known German game developer and publisher most noted for its Crysis franchise. Earlier this month, Crytek confirmed that its encrypted systems containing customers’ personal information were breached by a ransomware group — Egregor — which was later leaked on the dark web. First reported by BleepingComputer, the company sent out letters to the victims of the data theft in which it acknowledges the ransomware attack that happened in October 2020. The letter was shared with BleepingComputer by one of the individuals impacted by the encryption breach.

Egregor Ransomware Attack
Ransomware Attack on Crytek (Letter) | Source: BleepingComputer

The letter sent out by Crytek to the impacted individuals reads, “We want to inform you that Crytek was the victim of a ransomware attack by some unknown cyber-criminals. Ransomware is a form of malware that encrypts files on the systems of the attacked company. During that attack certain data had been encrypted and stolen from our network. We took immediate action to prevent the encryption of our systems, further secure our environment, and initiate an internal and external investigation into the incident.”

Egregor Ransomware Attack
Ransomware Attack on Crytek (Letter) | Source: BleepingComputer

Crytek tried to downplay the data theft by reassuring its customers by saying that the website itself was “difficult to identify” and that in their assessment, only a few individuals would’ve taken note of it. In addition to this, the company also wrote that considering the size of the leaked information, it would’ve taken too long to download it anyway, which would probably have been a struggle for individuals that wanted to get a hold of the data.

Crytek further reassured its customers by telling them that those who did try to download the leaked data were likely thrown off by the “huge risk” of malware embedded in the stolen files that would compromise their systems. It seems like Crytek wants to convince its customers that have little to no knowledge about computers or encryption, Anyone that understands how malware works would know that anyone that wants to get a hold of the leaked information would likely use a virtual machine to download it.

Additionally, those that do steal information and data from companies like Crytek are likely going to sell or share it with other cybercriminals. Crytek is trying to make it seem like the data theft that happened months ago was nothing serious and while that does make sense from a business standpoint, transparency towards customers is absolutely necessary. “While we are not aware of the misuse of any information potentially impacted, we are providing this notice as a part of our precautions,” Crytek wrote in the letter.

In October 2020, familiar sources reported that Crytek had been attacked by a ransomware group that goes by the name “Egregor”. However, no details about how many encrypted systems were breached were provided. The only thing that we knew for certain was that the stolen files had been renamed to include the “.CRYTEK” extension. The stolen data leaked by Egregor on their website comprised of files related to WarFace, the cancelled Arena of Fate MOBA game, and documents that included information about their network operations.

So far, Egregor has also attacked many renowned organisations and companies around the world, such as Barnes and Noble, Kmart, Cencosud, Randstad, and Vancouver’s TransLink metro system. In February, many members of the Egregor ransomware group were arrested in Ukraine during a shared operation between the French and Ukrainian authorities. The ransomware group was arrested after the French law enforcement could trace the ransom transactions back to Ukraine. The arrested members are considered to be associates of Egregor whose responsibility was to hack into security networks and deploy the ransomware attack.

Egregor Ransomware Attack
Egregor ransomware victims: from September 2020 to present – Distribution by country | Source: Group-IB

In January, the FBI released an official notification that warned companies and individuals about the security risk that Egregor poses, saying that “the FBI does not encourage paying a ransom to criminal actors”. Since September 2020, the Egregor ransomware attack has amassed more than 200 victims, including Crytek and Ubisoft. Fortunately, we haven’t seen much action from the ransomware group since the arrest of some of its members.

What do you think about this? Do tell us your opinions in the comments below!

Did you find this helpful? Leave feedback below.

Thanks! Do share your feedback with us. ⚡

How can we make this post better? Your help would be appreciated. ✍

Subscribe to our newsletter and get up-to-speed gaming updates delivered to your inbox.

We don’t spam! Read more in our privacy policy.

Huzaifa, an Online News Editor at, is a video game industry aficionado with a talent for unearthing the juiciest stories for his beloved readers. Currently pursuing a Bachelor of Science degree in Data Science, he dives deep into the abyss of news, meticulously dissecting every tiny detail to serve his audience. When he's not unravelling breaking news, he becomes a master storyteller, conjuring up captivating tales from the depths of his imagination. With a wealth of experience as a Video Game Journalist, he's penned his mighty words for numerous other video game outlets, leaving no video game unturned and no pixel unexplored! Experience: 4+ Years || Education: Bachelor of Science in Data Science || Previously Worked at VeryAli Gaming & TheNerdMag || Covered 100+ News Articles

Related Articles

Join Our Community

Enjoyed this article? Discuss the latest gaming news, get expert help with guides and errors, and chat about all things gaming on eXputer Forums and Discord Server. Connect with fellow gamers who share your passion by becoming a part of eXputer's community.