The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher, has disclosed a ransomware attack.
The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher series, has suffered a ransomware attack.
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
The attack took place on February 8, a threat actor breached its corporate network and encrypted some of its devices.
“Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.” reads a statement published by the company.
“An unidentified actor gained unauthorized access to our internal network, collected certain data belong to CD PROJEKT capital group and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data,”
According to BleepingComputer, the attack was conducted by a ransomware group named HelloKitty, which claimed to have stolen copies of the source code for popular games like Cyberpunk 2077, Gwent, and The Witcher 3.
Emisoft’s expert Fabian Wosar confirmed that the systems of the game maker were infected with a ransomware strain dubbed ‘HelloKitty.’
The amount of people that are thinking this was done by a disgruntled gamer is laughable. Judging by the ransom note that was shared, this was done by a ransomware group we track as "HelloKitty". This has nothing to do with disgruntled gamers and is just your average ransomware. https://t.co/RYJOxWc5mZ
— Fabian Wosar (@fwosar) February 9, 2021
The group also claims to have obtained a copy of an unreleased version of The Witcher 3 game.
CD PROJEKT RED reported the incident to the police and relevant authorities, including the President of the Personal Data Protection Office, it also hired IT forensic specialists to investigate the intrusion.
The gaming firm confirmed that it wouldn’t be paying any ransom demand.
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” the company adds.
The company revealed that the compromised systems did not contain players’ personal data.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Cyber Defense Magazine