CD Projekt RED Hit By Ransomware

CD PROJEKT RED, the Polish game developer behind the Cyberpunk 2077 video game, tweeted on February 9 that it had fallen victim to a ransomware attack. An unidentified hacker or group of hackers gained unauthorized access to the company’s internal network, stole certain game data, and left a ransom note giving the company 48 hours to pay.

The attackers stole the source code for some games, including the flagship Cyberpunk 2077 and The Witcher 3.

On February 8, the company issued a fix that should protect its assets from future data breaches, but it seems the fix came a bit too late. Apparently, the attack was carried out over the weekend of February 6-7.

This also means the 48 hours have expired, and the data has started to circulate. On February 10, attackers posted a portion of the stolen data on a popular hacking forum in a post titled “CDProject Leak #1.” The post contained the source code for GWENT, a card game from The Witcher. The post’s title indicates that there may be another leak tomorrow, in what appears to be a double extortion ransomware tactic.

The leak was also shared on Mega.NZ and 4chan.

Dumping the source code would allow players to make game hacks, mods, and jailbreaks. This would spoil the fun for fair players.

Research indicates the ransomware that hit CD PROJEKT RED is known to security experts. “Based on the ransom note file name and Emsisoft intelligence KB the actor seems related to a ransomware group named HelloKitty,” said ransomware expert Luca Mella.

The stolen data has been downloaded many times and has been popping up around the Internet, as other actors try to sell it or get a ransom. In one attempt, an actor claimed on February 11 that there would be another leak of the Witcher 3, Thronebreaker, Witcher 3 RTX, and Cyberpunk 2077 source code. The actor said that an auction would be held at 1 pm Moscow time and that a deposit of 0.1 BTC would be required to participate.

The ransomware also encrypted CD PROJEKT RED’s systems. But the game developer said its system backups hadn’t been encrypted and that it did not intend to pay the ransom. The company gave assurances that no customer data had been stolen by the attackers.

CD PROJEKT RED has already secured its infrastructure and begun restoring the assets.

This is a developing story, and we’ll share any new information as it becomes available. So stay tuned!

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.