Last week, a ransomware group going by the name Mogilevich posted a message claiming that they hacked Epic Games, saying that they had nearly 200 gigabytes of internal data including “email, passwords, full name, payment information, source code” and more. Following the message, Epic Games responded that it was investigating but found “zero evidence that these claims are legitimate.” Today, it has been revealed that the supposed hack of Epic Games was a hoax.
Last week, in their statement to VGC, Epic Games said “We are investigating but there is currently zero evidence that these claims are legitimate. Mogilievich has not contacted Epic or provided any proof of the veracity of these allegations. When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof. Mogilevich has not responded. The closest thing we have seen to a response is this Tweet, where they allegedly ask for $15k and ‘proof of funds’ to hand over the purported data.”
Mogilevich provided a link as proof that it had Epic Games’ data, but the link never led to the trove of illicit personal information and source code. Instead, it led to the group’s official announcement.
“Unfortunately this link led you to an important announcement of our business instead of evidence of a breached database,” a Mogilevich spokesperson called Pongo said. “You may be wondering why all this, and now I’m going to explain everything you need. In reality, we are not a ransomware-as-a-service, but professional fraudsters. None of the databases listed in our blog were as true as you might have discovered recently. We took advantage of big names to gain visibility as quickly as possible, but not to fame [sic] and receive approval, but to build meticulously our new trafficking of victims to scam.”
Mogilevich allegedly sold its fake ransomware infrastructure to other would-be hackers. As part of the scam, they asked for screenshots of crypto wallets as proof they were serious. The gang then used those scans as evidence it had access to hacked wallets, making more money.
Mogilevich said that it had gained access to the network of drone-maker DJI and managed to trick a buyer out of $85,000.