The video game developer behind the popular The Witcher series and Cyberpunk 2077 is now facing a major cybersecurity dilemma that sounds straight out of its latest sci-fi action game.
Polish developer CD Projekt Red announced earlier this week that its servers had been compromised by an “unknown actor,” which managed to gain unauthorised access to the company’s internal network to copy data before encrypting CD Projekt Red’s servers. Data copied by the hackers included source code and internal documents related to accounting, administration, legal, HR, and investor relations.
Hackers claimed that they specifically obtained source files for the games Cyberpunk 2077 and Gwent – a card game spin-off of The Witcher series. The malicious actors also claimed that they have the source code for an unreleased version of The Witcher 3: Wild Hunt, suspected to be for next-gen consoles.
The perpetrators sent CD Projekt Red a note along with the ransomware attack, giving the developer 48 hours to pay a ransom, lest the copied data be leaked online.
In response to the threat, CD Projekt Red said that it would "not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised date." The developer also said that it was taking measures “to mitigate the consequences of such a release, in particular by approaching any parties that may be affected."
The 48 hours have since passed, and the perpetrators seem to be making good on their threat. Twitter user and data security expert vx-underground reported that the copied data is already up for auction on the Russian hacking forum EXPLOIT. Reportedly, the hackers have set the starting bid at $1 million for the full cache of data.
Toms’ Hardware reported that the Gwent files have appeared on other forums such as 4chan, with the main download hosted on Mega. But it would appear that those forums are working to ensure that the code leak does not spread too much, as evidence suggests that the posts hosting the stolen files are being deleted.
CD Projekt Red has yet to respond to this threat, but Eurogamer reported that the company urged its former employees on social media to take precautions following the cyberattack.