Posted on February 12, 2021 at 2:44 PM
Witcher 3 and Cyberpunk 2077 Hacker Sells Data To Unknown Buyer
After developers of Cyberpunk 2077 refused to meet the ransomware demands of their hacked source code, it seems the hackers have succeeded in selling off their loot.
Although the hackers put up the data for auction on a hacking forum, they canceled the auction after reportedly getting buying offers elsewhere.
The developers, who also created the CD Projekt, revealed recently that a group of hackers has breached its servers and accessed a range of data.
Apart from stealing the source codes for Cyberpunk 2077, the hackers allegedly stole the unreleased version of The Witcher 3, as well as other important documents.
The hacker produced a note that accompanied the hack, giving the victim 2 days to meet up to their ransom demands. The stolen source codes and documents contain information about investor relations, HR, legal, administration, and accounting information. The threat added that the data will be released online if the developers didn’t pay up the agreed ransom demands.
CD Projekt pledged on strong terms that it will not negotiate with any threat actor or accept paying the ransom demands.
The company also states that it’s looking to determine the consequence to the firm when such files are released.
Data can be used in different ways
It’s not possible to read source code from a game disc since it doesn’t carry instructions on how the game was originally written after its compilation and conversion.
However, it’s possible to compile and redistribute the game if a person gets hold of the original source code. They can also modify the game using the original source code to change the game’s functionality.
These buying the data can also obtain the source code to understand how the original company engineered different mechanics in the game. As a result, a competitor can use the source code to develop or augment their own game. However, it’s very risky to follow this route due to the high legal implications. So, no one is sure how the alleged buyer wants to use the stolen data.
$7 million set for the sale of the entire data
The hackers placed the auction with a starting price of $1 million, with an option for any interested person to get the entire data for $7 million. The hackers initially stated a starting bid for the auction as $1kk, but later posted an update stating they it was a mistake. They then corrected the starting bid to $1,000,000, while the price for the entire price was placed at $7,000,000.
While the hackers may have sold the data, it’s unclear who bought the files or how much they eventually paid for them.
The studio was able to restore some data
The report claimed that the hackers planted their ransomware and locked some devices on the CDPR’s network. However, the studio succeeded in restoring some of the data by running backups. The studio also revealed that the personal data of its users and players were not impacted by the breach, based on its investigation.
Cybersecurity company Kela shared screenshots of a post from the darknet forum posted by the threat actors, who admitted that offers have been received for the stolen data.
The threat actors also stated that the buyer asked them to end the auction of the files and negotiations between them have already started.
There were several confirmations, including from several cybersecurity firms, showing that the action on the darknet forum had closed.
Hackers allegedly deployed HelloKitty Ransomware
While the public name of the hackers was not included in the official report, security researchers stated that they probably used the HelloKitty ransomware to infiltrate the studio’s servers. The ransomware had been utilized in the past to compromise a Brazilian power firm known as CEMIG.
When CD Projekt Red was contacted for more information about the incident, the company didn’t immediately respond to requests. However, the CD Projekt sent an update tweet, recommending that former employees should take precautions even though there’s no evidence that their data have been accessed.