Riot Games, the developer behind the popular League of Legends game, is the latest victim in the latest attack to target video-game makers.
Riot Games confirms the breach and confirmed that the attackers had exfiltrated source code for the League of Legends (aka LoL) and Teamfight Tactics (TFT) games, as well as source code for an older anti-cheat platform. The attackers issued a ransom demand for $10 million, threatening to otherwise release the source code.
The attack disrupted Riot Games’ development environment but appeared to have failed to compromise player data. Riot Games joins other major video-game makers as victims of online attackers. In September 2022, Rockstar Games was victimized. In 2021, Electronic Arts also victimized.
Analysts estimate that more than half of the US population plays games, with games on mobile devices about twice as popular as those on PCs or consoles. Attacks targeting online gamers typically make up a plurality of DDoS attacks detected each year and accounted for 46% of all attacks in 2020.
Pirated games are often a vector for opportunistic malware. With most games connected to and downloading data from the Internet, games and their online services make ideal vectors of attack.
Riot Games’ response to the attack highlights another trend in the industry: Victims of ransomware attacks are refusing to pay. Last week, digital currency trackers estimated that ransomware revenues fell nearly 40% to nearly $460 million, with the average attack returning less in revenue per transaction.
Riot Games plans to release a full report on the incident to the public, “detailing the attackers’ techniques, the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again.