Published: April 29, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
There’s nothing “fun and games” about a recent ransomware attack on Riot Games, an American video game developer. According to the company, the ransomware compromised “systems in our development environment,” resulting in the theft of source code for several games developed by the company. Riot Games says the cyber thieves used tried and true social engineering for the divisive attack.
The attackers demanded a $10 million ransom be paid, threatening to publicly release the stolen intellectual property if demands weren’t met. In a response on Twitter, Riot Games wrote “Today, we received a ransom email. Needless to say, we won’t pay.” The company finds no indication player data or PII was compromised in the attack.
Data Exposure Threat
There’s a disturbing trend with ransomware attacks adding risk to the intellectual property of any victimized organization. For Riot Games, stealing their source code and threatening to expose it is the same as giving away the keys to their gaming innovation trade secrets.
Ransomware attacks typically steal a victim’s data, encrypt it, and demand payment to get the decryption key needed to restore data. However, the Riot Games attack has a twist to the ransom demand. That twist includes a blackmail component raising the attack to another level. This tactic adds more pressure on the victim to pay the ransom quickly and avoid the potentially devastating consequences of secret information being exposed.
Releasing an organization’s intellectual property to the public, or to competitors, can lead to the demise of many a business. The potential damage from exposing this data is unthinkable to most business leaders. Yet, for many organizations today, it's a reality that few are prepared to handle.
Protecting Your Organization
Every enterprise can reduce the harmful effects of ransomware. Always be on the lookout for ransomware openings. Regularly backing-up data to a location separate from the network system is always recommended. This way, should your enterprise lose access to data encrypted by ransomware, having a backup means the data can be replaced and the ransom payment isn’t necessary. Combining ransomware awareness with regular data backups is a one-two punch helping prevent an attack from compromising the future of your business.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com