Game Developer CD Projekt Hit by Ransomware Attack

Video games developer CD Projekt have been hacked in a ransomware attack, with data relating to upcoming titles allegedly stolen.  

CD Projekt is a Polish video game developer based in Warsaw, and is best known for titles such as The Witcher and Cyberpunk 2077. The company has stated that hackers gained access to its network, encrypted its data, stole confidential data concerning upcoming titles, and threatened to leak the data unless the ransom was paid. In a statement on Twitter, CD Projekt posted a copy of the ransom letter, which stated that the company had 48 hours to comply with the hackers’ demands. As well as upcoming titles, the stolen data also includes data relating to accounting, administration and investor relations. The letter acknowledged that the company likely had backups to restore the data from.

Traditionally, ransomware attacks encrypt data on a system, and demand a ransom payment in exchange for the decryption key. However, if the victim has a recent backup to restore from, the scam falls apart, and the ransom isn’t paid. As businesses are becoming more aware of the growing threat of ransomware and are taking precautions like backing up, cybercriminals have had to come up with new ways to make money. Doxware, also known as extortionware, is a variation on traditional ransomware, and steals sensitive data, threatening to release it unless the ransom is paid. The term “doxing” refers to accessing private information about an individual or organisation, and cybercriminals behind doxware attacks typically spend time researching their victims.

In the case of CD Projekt, the attackers had clearly done their research; the developers are behind some of the most popular and highly anticipated games. The hackers claim to have stolen an unreleased version of The Witcher 3. At present, the hackers claim to have sold off the stolen data after halting an auction when an offer was received. The mystery buyer allegedly requested that the files not be sold to anyone else, and there has been some speculation that the buyer is CD Projekt themselves. Although the company adamantly stated it would not pay the ransom, it’s possible it resorted to a backroom deal in order to avoid any further bad publicity.
