Riot Games says it will not pay a $10 million ransom demanded by attackers who stole League of Legends source code in last week’s security breach.
“Today, we received a ransom email. Needless to say, we won’t pay,” the video game publisher and developer said on Tuesday.
“While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.”
While inside Riot Games’ systems, the threat actors stole source code for the League of Legends (LoL) multiplayer online battle arena, the Teamfight Tactics (TFT) auto battler game, and a legacy anti-cheat platform.
The LoL and TFT teams are looking into how cheat developers could use the stolen data to create new tools and analyzing if any fixes are needed to fend off such malicious efforts.
The game source code stolen during the security breach also contains some features still waiting to be released, which might not reach the release phase, according to the game developer.
“While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there’s no guarantee it will ever be released,” Riot Games said.
Riot Games said it’s working with law enforcement and external consultants to investigate the attack and that a full report will be released detailing how its development environment was breached and what measures were taken to prevent this from happening again.
Today, we received a ransom email. Needless to say, we won’t pay.
While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised.
— Riot Games (@riotgames) January 24, 2023
Last week, when the breach was disclosed, the game publisher also said that the incident directly impacted its teams’ ability to publish game patches, with some of them likely to be delayed as a result.
“While our teams are working hard on a fix, we expect this to impact our upcoming patch cadence across multiple games,” Riot Games said.
Andrei van Roon, the head of League Studio, also chimed in and said that nothing on the release plan for LoL’s Patch 13.2 would be canceled but that they “might just have to move things that can’t be hotfixed (eg art changes) to a later date instead.”
$10 million ransom
According to a report from Motherboard, who obtained the ransom note sent to Riot Games, the hackers asked for $10 million not to leak the stolen source code and delete it from their servers.
“We have obtained your valuable data, including the precious anti-cheat source code and the entire game code for League of Legends and its tools, as well as Packman, your usermode anti-cheat,” the ransom note reads.
“We understand the significance of these artifacts and the impact their release to the public would have on your major titles, Valorant and League of Legends. In light of this, we are making a small request for an exchange of $10,000,000.
“In return, we will immediately remove all source code from our servers and guarantee that the files will never be released to the public. We will also provide insight into how the breach occurred and offer advice on preventing future breaches.”
Several game publishers hacked in recent months
The Riot Games breach follows the hack of another major video game publisher, 2K Games, which said in September 2022 that attackers breached its help desk and infected some customers with malware. In October 2022, 2K warned its users that some of their information was stolen and put up for sale online.
The same month, Rockstar Games was also breached, with the attacker leaking videos of the unreleased Grand Theft Auto VI game and source code files for GTA V and GTA VI.
The hacker behind the Rockstar Games incident has also claimed a cyberattack on Uber, which attributed their breach to the Lapsus$ extortion group.
Lapsus$ is known for hacking into the network of a series of high-profile companies, including Microsoft, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, Okta, and e-commerce giant Mercado Libre.
This cybercrime group also leaked source code and proprietary data stolen from victims’ networks, which led to massive data breaches and leaks.