The recent revelation by the Mogilevich ransomware gang has sent shockwaves through the gaming and cybersecurity community, as they disavow any involvement in ransomware activities and instead confess to operating as “professional fraudsters.” Initially claiming to have breached data from gaming giant Epic Games, the group’s purported hack failed to yield the expected trove of sensitive information and source code. Instead, it exposed their true intentions as scam artists.
In case you missed it, Mogilevich caused a stir on social media on the evening of February 27 by announcing their alleged hack through a message on a darknet leak site. According to Cyber Daily, the group boasted of “quietly carried out an attack” on Epic Games’ servers, claiming to have stolen copious amounts of data, including emails, passwords, full names, payment information, and source code, tallying up to 189 GB. They also announced plans to sell the data but failed to specify a price. However, they provided no evidence to support their claims.
Epic Games promptly responded, refuting the claim and asserting they discovered no evidence of security breach. In a statement to Insider Gaming, the team’s spokesperson commented, “We are investigating but there is currently zero evidence that these claims are legitimate. Mogilievich has not contacted Epic or provided any proof of the veracity of these allegations.” They further noted, “The closest thing we have seen to a response is this [third party] tweet, where they allegedly asked for $15k and “proof of funds” to hand over the purported data.”
However, the situation took a surprising turn on March 3 when a Mogilevich spokesperson named Pongo admitted that the alleged hack targeting Epic Games was, in fact, a money-making scam rather than an actual ransomware attack. As reported by Cyber Daily, the data released on this day did not provide any evidence of a breached database. Instead, it included an unexpected revelation saying, “You may be wondering why all this, and now I’m going to explain everything you need. In reality, we are not ransomware-as-a-service, but ‘professional fraudsters’.”
Pongo further elaborated, “None of the databases listed in our blog were as true as you might have discovered recently. We took advantage of big names to gain visibility as quickly as possible, but not to fame [sic] and receive approval, but to build meticulously our new trafficking of victims to scam.” “Why confess all this when we could just run away? This was done to illustrate the process of our scam. We don’t think of ourselves as hackers, but rather as criminal geniuses if you can call us that,” he concluded.
Mogilevich claimed to have sold fake ransomware infrastructure to at least eight aspiring hackers, generating tens of thousands of dollars. Additionally, they accrued $85,000 through various fraudulent tactics, including misleading a victim into believing they had compromised the drone company DJI.
The authenticity of Mogilevich’s claims remains uncertain, leaving open the question of whether they genuinely occurred or if they were fabricated to evade legal consequences. Epic Games has not yet commented on this latest development.
Words by Khushboo Malhotra
We’re trying to raise £200 a month to help cover our operational costs. This includes our ‘Writer of the Month’ awards, where we recognise the amazing work produced by our contributor team. If you’ve enjoyed reading our site, we’d really appreciate it if you could donate to The Indiependent. Whether you can give £1 or £10, you’d be making a huge difference to our small team.