'Cyberpunk 2077' Developer CD Projekt Red Is Being Held at Ransom by Hackers
The company announced it has fallen victim to a ransomware attack, with an "unidentified actor" now threatening a data leak
The developer went public about the ransomware attack this morning, saying the company was targeted by an "unidentified actor" who gained access to some its internal systems. However, CD Projekt Red stated it does not believe players' personal data has been compromised, while adding that CD Projekt Red has not given in to the demands or negotiated with the attacker.
"We are still investigating the incident, however at this time, we can confirm that — to our best knowledge — the compromised systems did not contain any personal data of our players or users of our services," reads the announcement from CD Projekt Red.
"We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data."
Alongside CD Projekt Red's own announcement, the developer shared the ransom note left by the attacker, who claims to have accessed source code for Cyberpunk 2077, Witcher 3, Gwent and an "unreleased version of Witcher 3."
Important Update pic.twitter.com/PCEuhAJosR— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
The attacker is now threatening to release this source code, as well as internal legal, HR and financial documents "if we will not come to an agreement." CD Projekt Red has been an ultimatum of 48 hours.
At this point, CD Projekt Red has been in touch with law enforcement authorities and the Personal Data Protection Office.
Of course, the attack comes after CD Projekt Red made headlines around the world over the truly disastrous launch of its latest game Cyberpunk 2077, which led to refunds, lawsuits, removals from sale and more.
UPDATE (2/9, 2 p.m. ET): As some readers have pointed it, many suspect that the attack does not come at the hands of disgruntled gamers. As Fabian Wosar of cybersecurity company Emsisoft tweeted, the attack may stem from a known ransomware group known as HelloKitty.
Before CDPR the same group has hacked the Brazillian energy company CEMIG late last year. Earliest victims date back to November 2020, way before CyberPunk was even released.— Fabian Wosar (@fwosar) February 9, 2021
I can see the appeal of the "this was revenge by a former fan", but life is much more boring than that.