In a devastating blow to the gaming community, the "Ethyrial: Echoes of Yore" MMORPG fell victim to a ruthless ransomware attack last Friday, Nov. 24.
The incident resulted in the obliteration of 17,000 player accounts, along with the loss of in-game items and progress.
Developed by indie game publisher 'Gellyberry Studios, the said game is an old-school MMORPG available on Steam's 'Early Access' platform.
The game, relying on monthly subscriptions and community support for ongoing development, offers a nostalgic journey to players.
Ransomware Strikes Indie Publisher
Announced through the game's official Discord channel, malevolent ransomware actors targeted the main server, encrypting all data, including local backup drives.
Demanding payment for a decryption key, the attackers left Gellyberry Studios facing a challenging decision.
Choosing not to yield to the attackers' demands, Gellyberry Studios opted for a manual restoration of all affected systems.
While the incident resulted in the loss of 17,000 player accounts and their in-game characters, the developers assured the community that they would painstakingly restore everything "to the fullest extent possible."
"Last Friday morning, our server fell victim to a cryptographic ransomware attack, which systematically encrypted all data on the system/local backup drive and left a ransom note to pay in Bitcoin to decrypt the files. In cases like this, hackers will often take a payment and never provide the decryption key. As such, we were forced to rebuild the server and create new account and character databases."
Related Article: Europol Busts Major Ransomware Gang: 5 Arrested, Including Ringleader
What Gellyberry Promised to Compromised Accounts
To express gratitude for player understanding and support, Gellyberry Studios promised impacted players a complete retrieval of items and progress, along with a premium "pet" in-game.
Additionally, the developers pledged to enhance security measures, including more frequent offline account database backups, the implementation of a P2P VPN for remote server access, and restricting server access to a specific IP address range.
According to Bleeping Computer, the server availability was restored late on Friday, prompting the publisher to encourage players to create new accounts and seek manual restoration through the dev team via echoesofyore@gmail.com.
While ransomware attacks on game publishers are not unheard of, they typically impact the company rather than the players. Notable incidents include the 2021 attack on CD PROJEKT RED and the 2023 threat to Riot Games, emphasizing the persistent threat landscape faced by the gaming industry.
It should be noted that "Minecraft" account thieves in Japan also engaged in ransomware operations in 2021. The group of hackers was asking for 2,000 yen or $17 from the victims.
Later, they apologized to the players. The weird thing is, they only asked for a small amount of money which is quite uncommon among threat actors.