Posted on June 12, 2021 at 6:05 PM
The hack on the Cyberpunk 2077 developer took place four months ago. Now the company has confirmed that it has seen its data being circulated online.
The hack crippled some of the servers of CD Projekt Red, the videogame company responsible for the development of the two popular games.
The hackers, believed to be the HelloKitty gang, had access to the company’s internal network and stole certain important data, leaving a ransom note behind, according to the firm at the time.
Although the ransomware affected the company’s systems, the company was able to restore all of them from backups.
The threat actors stated that they had released full copies of the source code for The Witcher 3, Gwent, Cyberpunk 2077, and another unreleased version of The Witcher 3. At the time, they also admitted that they stole information about investor relations, HR, administration, and accounting.
“Source codes will be sold or leaked online, and your documents will be sent to our contacts in gaming journalism,” the note from the hackers reads.
The threat actor also stated that the company’s refusal to meet its ransom demands would have negative consequences for its investor confidence, stock price, and public image.
They also claimed that the leaked data would expose certain hidden facts about how badly the company is being run. These statements were made at the time the hacking incident took place.
Ransomware group fulfilled its threat
It seems they are now making good on their threats by leaking the stolen data to the public. CD Projekt Red, in an update posted recently, stated that its security team now has reasons to believe that the data stolen during the attack has been released online.
However, it stated that it has not yet verified which data is circulating. The company pointed out that the data could include details of both former and present employees. It said the data may also contain information relating to its games.
Additionally, CD Projekt noted that it’s not sure whether the released data has been tampered with or manipulated after the breach.
The company said no matter how authentic the data turns out to be, it is determined to do everything possible to protect the privacy of its employees and other parties that may be involved.
“We are committed and prepared to take action against parties sharing the data in question,” CD Projekt reiterated.
Initially, the ransomware group released some of the company’s data shortly after the February attack. They exposed the unreleased version of The Witcher 3 as well as the source code for Cyberpunk 2077 on a Russian-language darknet site.
A day after the data was announced, it was sold. However, cybersecurity experts could not verify the amount the data was sold for, although the auction placed the asking price at $1 million.
But despite the massive exposure, CD Projekt Red has not received complaints from clients or employees that they were compromised.
The consequences of exposed source code
Threat actors have already released more than 300GB of data belonging to CD Projekt Red on Payload.bin, a darknet site linked with the Babuk Locker ransomware.
When the source code of the games is released, it will enable fans to create game hacks and carry out all sorts of gimmicks to gain more ground against opponents. It will also enable them to develop custom features, which will be to the detriment of the competitive nature of the games, as some researchers have noted.
The vice president of solutions architecture at Cerberus Sentinel commented on the issue. He stated that if the threat actors succeed in exfiltrating the source code for Cyberpunk 2077, it could lead to a more targeted exploit aimed at more gamers.
Ransomware groups have become an increasing menace over the past few months, with the attackers using “double-extortion threats,” telling victims to pay a specific ransom or risk having their data exposed to the public.
Many of the threat groups also keep darknet sites and blogs used to post the stolen data if the victims do not meet their demands.