Riot Games refuses to pay ransom to avoid League of Legends leak

After confirming threat actors were able to steal some of its code, Riot Games has also revealed that it received a ransom email from its attacker. The attackers demanding $10 million to stop them leaking source code from League of Legend’s and other games. Riot’s reply?

The company says it is already looking into countering the negative effects of stolen code falling into the wrong hands.

Motherboard was able to obtain a copy of the ransom email and partially shared the content with its readers, which we have replicated below:

Dear Riot Games,

We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat. We understand the significance of these artifacts and the impact their release to the public would have on your major titles, Valorant and League of Legends. In light of this, we are making a small request for an exchange of $10,000,000.

According to the ransom note, if paid, the attackers promised to scrub the stolen code from their servers of and “provide insight into how the breach occurred and offer advice on preventing future breaches.” The attackers also opened a Telegram chat the company can use to reach out to them. 

“We do not wish to harm your reputation or cause public disturbance. Our sole motivation is financial gain,” the note further said, giving Riot Games a deadline of 12 hours. “Failure to do so will result in the hack being made public and the extent of the breach being known to more individuals.”

Last week, Riot Games revealed in a series of tweets that it had been compromised via a “social engineering attack”. The attackers siphoned out code for the company’s flagship games, League of Legends, Teamfight Tactics, and Pacman, its anti-cheat software for Valorant and League of Legends. The company said it has been working with law enforcement in investigating the hack and expects its systems to be fully restored by the end of the week.

Epic isn’t the only games company to find itself in the sights of attackers. The help desk of 2K Games was breached in September 2022, and then used to infect its customers with malware. A month later, 2K had alerted its users that some of their information had been stolen and was now up for sale.

Also in September last year, Rockstar Games experienced a messy leak after posts of a then-alleged sequel to its Grand Theft Auto franchise appeared online, shocking many. In a tweet, the company revealed someone illegally accessed its network and downloaded confidential information, including video clips containing concept content for the anticipated sequel. Eight days later, a British teen was arrested in London.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://blog.malwarebytes.com/feed/