Major companies like Epic Games have been added to the ransomware gang’s data leak site. The crooks are threatening to release hundreds of gigabytes of data.
“There is zero evidence right now that the ransomware claims from Mogilevich are legitimate. Mogilevich has not contacted Epic or provided any proof of the veracity of allegations,” Epic Games tweeted.
The American video game and software developer and publisher is among a number of prominent and high-profile companies recently claimed as victims on the Mogilevich ransom gang’s data leak site.
Mogilevich claimed its first victim on February 20th, 2024. This, of course, doesn’t mean that the crooks behind it are novices since rebranding and trying to throw researchers off track is a popular tactic in the underground world.
Mogilevich might sound familiar to some – Semion Yudkovich Mogilevich is an infamous Russian organized crime boss.
“We are Mogilevich, a group dedicated to data extortion. Our agenda is to severely punish companies and corporations that fail to keep their infrastructure under control and security. Our operators are skilled pentesters, and in contrast to other groups like ours in which they lie about their purpose, we agree from the beginning that we are doing it for economic interest,” the gang’s data leak site reads.
At the time of writing, the Mogilevich ransomware gang had listed eight victims on its data leak site and claimed to have sold the data of a few of them already.
Shein, a retail giant, is the latest victim to feature on the site. Mogilevich crooks claim to have stolen 300GB of customer, employee, and shipment data.
They’ve also allegedly breached Kick’s live video streaming service system and stolen 75GB of user data and logs.
The attackers have also allegedly penetrated the systems of DJI, the world’s largest drone manufacturer systems, and are sitting on a whole terabyte of data on private projects and customers.
"DJI is aware of the claims made by the Mogilevich extortion group. While we are investigating this internally, currently there is no evidence indicating data breaches," DJI told Cybernews.
We’ve reached out to Shein and Kick, too, for on-the-record comments but have yet to receive any response.
Your email address will not be published. Required fields are markedmarked