Cyberpunk 2077 Developers Hacked and Held for Ransom
By Author: by Jeremiah Cristobal, Security Television Network
Click here for updates on this story
September 4, 2021 (Security Television Network) — Author: Jeremiah Cristobal, Security Television Network
On February 9, 2021, Cyberpunk 2077 ‘s Developers, CD Projeckt Red, issued a statement through their Twitter account stating they had a hack in their system. This hack was later concluded to be a ransomware attack, which included a ransom note that stated the hacker would sell their information to the highest bidder.
The statement issued by the company communicates that, “an unidentified actor gained unauthorized access to our internal network.” It then proceeds to clarify that the CD Projekt Red will not negotiate nor give into the demands of the perpetrator.
“Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised. An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data. We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach. We are still investigating the incident, however at this time we may confirm that – to our best knowledge – the compromised systems did not contain any personal data of our players or users of our services. We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate this incident.”
Official Statement, Source: CD Projekt Red
Other notable statements included that the stolen data belonged to the CD PROJEKT capital group. The securing of their I.T. infrastructure prepared for the backlash that resulted from the leak and a summary of the investigation.
Included in the twitter post was the ransom note given by the perpetrator; highlighting their demands and the information they were able to obtain, which began with language stating, “Hello CD PROJEKT, You[r] have been EPICALLY [p]wned!! We have dumped FULL copies of the source codes from your Perforce server for Cyberpunk 2077, Witcher 3, Gwent and …”
The ransom note also displayed how the hackers wrote, styled and designed their ransom notes. This later led to a security researcher who told Wired that it used the “HelloKitty ransomware”, which was also known for breaching a Brazilian power company, CEMIG (Porter, 2021).
Ultimately, the hackers were allegedly able to sell the stolen data to an outside source instead of back to the original company for a ransom. The data was sold for up to 7 million dollars at a “buy-it-now” price. This 7-million-dollar purchase also required that the code may not be resold after the purchase. The aftermath of the attack resulted in CD Projekt Red delaying their latest games, “Cyberpunk 2077, 1.2 patch”.
This attack was allegedly, a result of the poor reception that CD Projekt Red had received for “Cyberpunk 2077.” With the critically acclaimed “The Witcher 3,” and Cyberpunk 2077 was touted as the game of the decade. The game, however, may not have met their marketing expectations with consumers who believed the hype exceeded the product consumer experience, with game breaking bugs, and multiple release delays, some consumers were frustrated.
Losing the trust of their consumer base, the reputation of CD Projekt Red declined with the alleged malpractice of “crunch” in their workspace. Thereafter, shares in the stock market were impacted with a steep decline, and to this day, more than 6 months since the release of Cyberpunk, the company has still, yet, to recover.
As of June 11, 2021, CD Projekt Red has come out with another statement regarding the hack, which occurred in February. The tweet indicated that they have conducted their own investigation. In a statement, they highlighted the data that was stolen, which may include, “current/former employee and contractor details in addition to data related to our games.” CD Projekt Red worked together with the General Police Headquarters of Poland, Interpol, Europol, and the Personal Data Protection Office. While the future impact of this ransomware attack is uncertain, the company continues to operate. With new game updates every few months, they will not be going anywhere anytime soon; as this seems to be an indicator that the ransomware attack was merely a setback to the company. “At the same time, ransomware gangs have doubled down on the increasingly common “double-extortion” threat, saying they will auction stolen data if victims don’t pay. Many also maintain “name and shame” blogs – used by operators to post leaked data from victims that refused to send over a ransom.”
Please note: This content carries a strict local market embargo. If you share the same market as the contributor of this article, you may not use it on any platform.
Dr. James Halldrhall@security20.com(202) 607-2421
