CD Projekt Red makes a U-turn, says ransomware crooks are leaking data | GeekComparison

A stylized ransom note asks for bitcoin in exchange for stolen data.

CD Projekt Red, creator of The Witcher series, Cyberpunk 2077and other popular games, said Friday that proprietary data collected from a ransomware attack disclosed four months ago is likely circulating online.

“Today we received new information about the breach and we now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet,” company officials said in a statement. “We are not yet able to confirm the exact content of the data in question, although we believe it may contain data on current/former employees and contractors in addition to data related to our games.”

A turnaround

The update represents a reversal of sorts, as it warns that information from current and former employees and contractors is now believed to be among the compromised data. When the Poland-based gamemaker disclosed the attack in February, he said he did not believe the stolen data contained personal information of employees or customers.

A week later, the company claimed the chances of employee personal information being released were “low.” It went on to say that “after our investigation we found no evidence whatsoever that personal data was actually transferred outside the corporate network” and that “due to the actions of the attackers, we may never be able to say for sure if they actually have personal data.” copied.”

It’s not clear why it took CD Projekt Red four months to determine that employee data was likely compromised. Presumably, a forensic investigation could have made that decision earlier. Attempts to reach CD Projekt Red representatives for comment immediately failed.

Cats and Auctions

Shortly after CD Projekt Red’s initial unveiling, researchers said they found data revealing the source code for games, including: Cyberpunk 2077Gwentand The Witcher 3 was put up for auction with a starting bid of $1 million.

A separate team of investigators reported that the auction was closed after a buyer offered a price outside the auction forum that was acceptable to the sellers. The price was never disclosed. However, there is no evidence that a sale actually took place, and some researchers have speculated that when no buyer showed up, the sellers lied to save face.

Researchers say the CD Projekt Red breach was carried out by HelloKitty, a little-known ransomware group that some researchers refer to as DeathRansom.

From the outset, the playmaker has steadfastly refused to pay or even negotiate with the ransomware operators. That stance is admirable, though it’s much easier to take when victims can quickly rebuild their networks using backups, as Projekt Red was. Even then, there are prizes to be paid, as the playmaker discovers first hand.

Leave a Comment