Riot Games receives ransom demand from hackers, refuses to pay

Riot Games says it will not pay the ransom demanded by the attackers responsible for the security breach the company disclosed last week.

"Today, we received a ransom email. Needless to say, we won't pay," the video game publisher and developer said on Tuesday.

"While this attack disrupted our build environment and could cause issues in the future, most importantly we remain confident that no player data or player personal information was compromised."

While inside Riot Games' systems, the threat actors stole source code for the League of Legends (LoL) multiplayer online battle arena, the Teamfight Tactics (TFT) auto battler game, and a legacy anti-cheat platform.

The LoL and TFT teams are looking into how cheat developers could use the stolen data to create new tools and analyzing if any fixes are needed to fend off such malicious efforts.

The game source code stolen during the security breach also contains some features still waiting to be released, which might not reach the release phase, according to the game developer.

"While we hope some of these game modes and other changes eventually make it out to players, most of this content is in prototype and there's no guarantee it will ever be released," Riot Games said.

Riot Games said it's working with law enforcement and external consultants to investigate the attack and that a full report will be released detailing how its development environment was breached and what measures were taken to prevent this from happening again.

Last week, when the breach was disclosed, the game publisher said that the incident directly impacted its teams' ability to publish game patches, with some of them likely to be delayed as a result.

"While our teams are working hard on a fix, we expect this to impact our upcoming patch cadence across multiple games," Riot Games said.

Andrei van Roon, the head of League Studio, also chimed in and said that nothing on the release plan for LoL's Patch 13.2 would be canceled but that they "might just have to move things that can't be hotfixed (e.g. art changes) to a later date instead."

The Riot Games breach follows the hack of another major video game publisher, 2K Games, which said in September 2020 that attackers breached its help desk and infected some customers with malware. In October 2020, 2K warned its users that some of their information was stolen and put up for sale online.

The same month, Rockstar Games was also breached, with the attacker leaking videos of the unreleased Grand Theft Auto VI game and source code files for GTA V and GTA VI.

The hacker behind the Rockstar Games incident has also claimed a cyberattack on Uber, which attributed their breach to the Lapsus$ extortion group.

Lapsus$ is known for hacking into the network of a series of high-profile companies, including Microsoft, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, Okta, and e-commerce giant Mercado Libre.

This cybercrime group also leaked source code and proprietary data stolen from victims' networks, which led to massive data breaches and leaks.