“Ethyrial: Echoes of Yore” fell victim to a ransomware attack last Friday. The attack hit 17,000 player accounts, wiping them – a yet unseen outcome of a ransomware attack.
Ransomware encrypted main server “Ethyrial: Echoes of Yore”
On October 19, 2023, ransomware actors successfully attacked the main server of the Ethyrial: Echoes of Yore game. The attackers encrypted all data, including local backup drives – as it usually happens in the course of ransomware attacks. They also left a ransom note demanding payment in Bitcoin for a decryption key.
What is unusual though is the profound impact on all 17,000 player accounts, resulting in the loss of account and character databases. However, game-related files, such as zones, items, monsters, etc., were not lost. Moreover, no customer data was accessed or removed – which is definitely a positive sign for both the developers and users.
Legend says that paying the ransom does not guarantee the return of files. So, faced with the dilemma of trusting the attackers, the developers chose not to negotiate with them. Instead, Gellyberry Studios pledged to restore lost all the info possible manually. To express gratitude for player acceptance and support, impacted users will receive their items and progress back, along with a premium “pet”.
Mitigation
This is not the first time a game publisher has been targeted in ransomware attacks. However, they usually impact the company rather than the players. It’s been a bumpy ride for Gellyberry Studios. The developer outlined security measures it will implement to prevent future incidents in light of the attack. These include:
- Increased frequency of offline account database backups. This solution will reduce the potential impact of any future attacks. So, in case of any security breaches, player accounts and progress can be immediately restored, and the effect of such incidents can be minimized.
- Implementation of a P2P VPN for all remote access to the development server. P2P VPN establishes a secure connection between two or more devices without a central server. This is a reasonable solution, that provides secure networking and additional protection against unauthorized access attempts. It elevates the overall security posture of the development environment.
- Restriction of access to a specific IP address range. By restricting access to the development server within a specific IP address range ensures that only designated IP addresses. By implementing this restriction, the studio reduces the attack surface and strengthens defense against potential external threats seeking unauthorized entry into the server infrastructure.
Although the game servers are currently available, users are prompted to create a new account when logging in. The developer asks players to email [email protected] to restore the game’s progress. It’ll be interesting to see how the indie team comes out of the other end of this attack and whether or not the majority of those 17,000 accounts affected will return.
