Gamer Escape 3.0 and Security Update

Yesterday, Gamer Escape was the victim of a ransomware attack.

At around 4:45 PM ET on April 14th, our server was accessed by a third party and all of our data was subsequently encrypted. A message was left by the intruder which instructed us to contact them.

These attackers then requested a large sum of money in return for unlocking the files. However, even if we decided to pay them, there was no guarantee that our files would be given back to us, or that the server would be free of other malicious code added by these intruders.

While we have no reason to believe that this attack on our server had a goal of obtaining user names and passwords, there is a possibility that that information was obtained during this intrusion. If you use your Gamer Escape account name or password on other websites, we would encourage you to change that password.

Additionally, our regular back-ups, which were hosted on the same server, were also compromised during this attack.

However, in this particular case we are, somewhat, lucky.

As many of you know, for some time now we have been working on what we have been calling Gamer Escape 3.0. A new website design accompanied by various site upgrades. Because of our work on GE 3.0, we had some parts of the website backed up for testing.

Sadly however, this back up was created in December of 2016. This means that we will be doing our best to get our Final Fantasy XIV wiki and our important blog posts re-added over the next couple of weeks. We will also be working to get the Final Fantasy XI wiki back up as well. Sadly, our Final Fantasy XV Wiki was lost as a result of these attacks.

Because of this incident, we’ve been forced to release Gamer Escape 3.0 before we intended and as a result, there may still be some issues with the site design. Please know that in most cases, we are aware of any issues and we are working hard to get things smoothed out as quickly as possible. Please feel to contact us via e-mail or on our Discord support channel if you have any problems with the new site.

We have already begun to add extra security to this new server, starting with SSL, and will continue to look into extra security measures as we move forward.

  • So you did not have back ups bi monthly or even on another machine..Kinda asked for it tbh.

    • Sarah

      No, that was not them asking for it… asshat

      • It really was.

        • Alhanalem

          When you’re a small community site, it is not that surprising to not expect and plan for this sort of thing to happen. Unfortunately it was a hard learned lesson, but sometimes, that’s how you have to learn things.

      • It really was.

  • Shava Nerad

    Most of us use social logins from Disqus on this site, I would think. What exact information were you keeping, and how was it _not_ encrypted? Please be more specific?

    • Alhanalem

      Disqus is an external comment system, so you should be fine on anything related to that, except that as the article advises, if your disqus or any other account is sharing a password with your former GE password, that you change it.

      Your GE account contained no other information than the username (which is public), password, and email used to sign up. Technically also your wiki edits but those are public as well. Account info WAS encrypted, but as is typical with any security breach, it is a good idea to change any identical passwords.

  • Nixxah

    I just want to say that I’m so glad you’re back.

  • I assume you’ve looked into the possibility of decrypting the data yourselves? A lot of the malware writers aren’t very thorough about generating encryption keys, so white hat hackers and anti-virus companies have been able to create a lot of decryption key generators. Just a couple examples from a quick google search:
    https://blog.avast.com/avast-releases-four-free-ransomware-decryptors
    https://www.bleepingcomputer.com/news/security/petya-ransomwares-encryption-defeated-and-password-generator-released/

    • Haahhh Gayyy

      I assume GamerEscape was hacked by the same hackers that hacked my communities dedicated servers for Arma and TS3 which has an encryption key of 1024bits which would take a hell of a long time to brute force. Fortunately for us all our data had been backed up only 2 days before the attack. Which also occured around the time of the GE hack. They also left a note with contact details and a Ransom which as a community we cannot afford to pay. Essentially wipe and reset guys.

      • 1: That’s a bit of a jump, there are a lot of hackers and malware using this technique out there right now.

        2: Yes, 1024 bit encryption would be effectively impossible do decrypt if it were implemented properly. The problem/opportunity is that many of them don’t implement it properly. They generate keys using a flawed method or reuse keys.

        Which one were you hit by? Not every form of ransomware can be hacked, but a lot of them can. Here are tools to decrypt data for 22 different ransomware attacks, just from the top couple hits on google. Of course you’d have better look looking specifically for whichever kind you got hit by.

        https://www.avast.com/ransomware-decryption-tools
        https://noransom.kaspersky.com/

  • Danny Miranda

    This sucks, I use the wiki like every day. :(

    Good thing is, you can still get the info from Google cache. That being said, I’ll start filling up the missing info from google cache, will be a ton or work to do, so I recommend all users to do the same in order to get our wiki back~ :)

  • Dan Hughes

    Is there any way we can support GamerEscape? Beyond editing the wiki?

    • gahoo

      Thanks for asking Dan. Editing the wiki, browsing, not blocking ads are all good ways to support us. If you are looking to volunteer more directly (news, articles, etc.) you can reach out to us on Discord. If you are looking for wiki projects pop in as well, since I’m sure the heavy editors have some ideas they’ve put on the back burner. We’re not looking for direct financial support at the moment.