CD Projekt Red confirmed that its systems were breached by malicious hackers
UPDATED The developer of headline-grabbing video game Cyberpunk 2077 has announced it was the victim of a ransomware-style attack.
An unidentified actor gained access to the internal network of CD Projekt Red and stole data, the gaming company confirmed on Twitter this morning.
The attackers left a ransom note threatening to release proprietary video game source code and other datasets to the public.
CD Projekt Red said it has already begun restoring data and has secured its IT infrastructure. It added that its backups remain intact.
Read more of the latest ransomware attack news
“We will not give in to the demands nor negotiate with the actor,” a statement posted on Twitter reads.
It adds: “We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.”
CD Projekt Red said that initial investigations revealed that no personal data belonging to players or customers was compromised in the attack.
‘Epically pwned’
In the ransom note, the attackers claimed they had pilfered the full source code for popular video games including Cyberpunk 2077, Witcher 3, and Gwent.
They also said they had documents relating to accounting, administration, legal, HR, investor relations, and more.
“Your (sic) have been EPICALLY pwned!!” the note reads.
The attackers also threatened to sell the source code and send the data “to their contacts in gaming journalism”.
YOU MAY ALSO LIKE Tokyo Gas discloses data breach impacting anime-style dating simulation game
Calvin Gan, senior manager at F-Secure’s Tactical Defense Unit, said: “While it remains to be seen how their internal systems were breached, the lesson from this breach is a good reminder to all organizations out there.
“It is always better to assume and operate in the mindset of ‘when you will be targeted’ rather than ‘if you will be targeted’. Organizations should work towards reducing the attack surface continuously, not just as a one-time effort.”
Gan added: “Organizations must have a response plan in place ready to take effect when needed, but at the same time, constantly being rehearsed so that employees are aware of their next course of action.”
Update
The first batch of CD Projekt Red data has reportedly been leaked, with screenshots of the alleged datasets shared online on February 10.
In the images, multiple files including those titled ‘Packages’, ‘ProjectSettings_Build’, and ‘Assets’ are shown in a dataset that is reportedly from the game Gwent.
According to Twitter user @vxunderground, leaked source code of the games Cyberpunk 2077, Witcher 3, Witcher 3 RTX, and Thronebreaker are being auctioned off on online forums with a starting bid of $1 million.
The codes are also reportedly being sold as a buy it now option for $7 million.
The Daily Swig has reached out to CD Projekt Red for comment on these developments.
This article has been updated to include information on the sale of the leaked datasets.
READ MORE Online gaming platform VIP Games exposes 23 million data records on misconfigured server