Video game developer and publisher Riot Games has revealed that hackers demanded $10 million in ransom for the stolen source codes for League of Legends and Teamfight Tactics.
As evidence, the hackers sent Riot Games PDF files listing the stolen files, including source code branches for Packman (usermode anticheat) and the League of Legends game.
The attackers promised to remove all the source code of the games and anticheat from their servers after receiving the ransom and detail how they hacked the internal perimeter of the IT systems.
"Dear Riot Games!
We have obtained your valuable data, including the precious source code of the anticheat and all game code for League of Legends and its tools, as well as Packman, your custom mode anticheat. We understand the importance of these artifacts and how releasing them to the public will affect your core games, Valorant and League of Legends. As such, we are making a small request for a $10 million exchange.
In return, we will immediately remove all source code from our servers and guarantee that the files will never be published. We will also provide information on how the break-in was performed and offer recommendations on how to prevent future attacks.
We do not want to damage your reputation or cause a public outcry. Our only motivation is financial gain.
We have sent this message to company management and given twelve hours to respond. Failure to do so will result in the hack becoming public and the extent of the leak becoming known to more users.
It is alarming that an amateur-level hacker could break into your security in a matter of hours."
- hackers wrote in an email to Riot Games.
On 24 January, Riot Games reported that hackers had stolen the source code of League of Legends, Teamfight Tactics and the development toolkit for an older version of the anti-chit in a recent cyberattack. The attackers demanded a ransom for non-disclosure. The company refused to pay the hackers.
"We received a ransom demand letter today. Needless to say, we will not pay. While this attack has disrupted our development environment and may cause problems in the future, most importantly, we remain confident that no account data or players' personal information has been compromised," Riot Games explained.
The developers are aware that any disclosure of the source code could increase the likelihood of new cheats. Following the cyber-attack Riot Games has started work on assessing the possible impact of the incident on the current version of the anticheat, and is ready to make modifications to the tool in a timely manner.
Riot Games added that a number of experimental features and work on closed test game modes were also included in the illegally obtained by hackers source code. Much of this content is in the prototype stage, and there was no guarantee that these game options would ever be released.
"Our security specialists and external IS consultants continue to review the situation after the attack and check the IT systems affected by the hackers. The company has also notified law enforcement agencies about the incident and is actively cooperating with them."
Riot Games has promised to publish a detailed report on the incident in the future, detailing the attackers' methods, the affected IT systems and the security mechanisms at the company that did not work properly to prevent the attack.
On 23 January, Riot Games reported that hackers hacked into its IT infrastructure and compromised its development environment. The attackers used social engineering techniques to gain access to the organisation's internal perimeter.
Because of the incident, Riot Games stopped releasing game patches for a while. The problem has also affected the update release schedule for Teamfight Tactics. The company's IS specialists are conducting an internal investigation. They fear that malicious code has entered the company's development environment and are checking the integrity of the code base.
Riot Games explained that the players' data is protected and there is no indication that personal information from the users' accounts got to the hackers. The company did not disclose exactly how the attack occurred or how long the moratorium on game updates would be in place.