CD Projekt Red hit with ransomware attack, hackers threaten to release Cyberpunk 2077...

midian182

Posts: 6,672   +59
Staff member
What just happened? CD Projekt Red, developer of Cyberpunk 2077 and The Witcher series, has been hit by a ransomware attack. The perpetrators are threatening to leak or sell the source codes to its biggest games and send documents relating to accounting, administration, legal, HR, investor relations, and more to their "contacts in gaming journalism."

CDPR revealed the attack and ransom note on Twitter a few hours ago. The hackers claim to have stolen source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3. They also managed to encrypt some devices in the company's internal network, though the backups are intact and CDPR has started restoring data.

The ransom note boasts, "Your have been EPICALLY pwned!!" It warns that should the stolen information be leaked, "your public image will go down the shitter even more and people will see how your shitty company functions. Investors will lose trust in your company and the stock will dive even lower!"

The hackers don't reveal their terms but did give CDPR 48 hours to contact them. The Polish firm has assured players and service users that none of their personal details were stored on the compromised systems.

CD Projekt Red writes that it has no intentions of giving in to the hackers' demands or negotiating with them, and is taking steps to mitigate any damage caused by a data leak. It has contacted law enforcement and IT forensic specialists to investigate the incident.

A recent report showed ransomware attacks in which criminals threaten to release sensitive information if their demands aren't met increased 20 percent in the fourth quarter. As the data is often leaked even if the victims agree to terms, many companies refuse to pay and deal with the consequences, as seems to be the case here.

Permalink to story.

 

RedBlu

Posts: 30   +32
I always wonder in these situations who screwed up opsec. It's almost never a zeroday exploit. Did IT forget to patch a server? Did some senior staff use a stupidly simple password? Did the secretary plug in a USB stick she found in the carpark? Did a dev get unlimited elevated user privileges?
 

Lew Zealand

Posts: 1,777   +1,907
TechSpot Elite
I always wonder in these situations who screwed up opsec. It's almost never a zeroday exploit. Did IT forget to patch a server? Did some senior staff use a stupidly simple password? Did the secretary plug in a USB stick she found in the carpark? Did a dev get unlimited elevated user privileges?

I'm under the impression that a lot of ransomware is social engineering. Convince an employee to open an attachment in a well-crafted email which deploys the ransomware. If that employee has elevated access to valuable company data, then you get what happened to CDPR here.

They can encrypt it and hope you don't have backups, or they can hold the information hostage if it's unique/private information, like in this case.
 

Dennis83

Posts: 24   +21
I always wonder in these situations who screwed up opsec. It's almost never a zeroday exploit. Did IT forget to patch a server? Did some senior staff use a stupidly simple password? Did the secretary plug in a USB stick she found in the carpark? Did a dev get unlimited elevated user privileges?
yes it is pretty embarrassing for opsec if it actually exists at CDPR. Security is something not taken seriously again and again because it only causes costs all the time and that there is a return on investment is only found out when it is too late like now.

Given the amount of bug the game had so far I suppose the ransom won't be worth paying for.
 

RedBlu

Posts: 30   +32
I'm under the impression that a lot of ransomware is social engineering. Convince an employee to open an attachment in a well-crafted email which deploys the ransomware. If that employee has elevated access to valuable company data, then you get what happened to CDPR here.

Aye, spear-/fishing. But this is still an organizational/IT failure. None of the endusers at my work have escalated privileges. I got a new work laptop due to our new corona-related mobile computing paradigm last month and they gave me temporary (24h) elevated privileges to install whatever software/drivers I needed that weren't in the company deployment platform. I couldn't touch the firewall, AV, or general permissions.

Safety and security are always a stack of Swiss cheese. You try to minimize the risk (holes) and maximize the redundancy (layers) so that nothing gets through.
 

Lew Zealand

Posts: 1,777   +1,907
TechSpot Elite
I think the issue comes in not with elevated access to company computer infrastructure, but many programmers need access to some/most/all of the game assets to do their job coding/fixing bugs, etc. Which sounds like what happened here. No customer data lost, but ransomware access to CP2077 and Witcher assets.
 

Nobina

Posts: 2,993   +2,780
I am rooting for their health. Cyberpunk is pretty good, but I really really need Witcher 4.
Be careful what you wish for. 9 times out of 10 it's better to end the franschise on a high note than force another installment for money and ruin everything. I've seen it happen too many times.
 

terzaerian

Posts: 800   +1,133
I am rooting for their health. Cyberpunk is pretty good, but I really really need Witcher 4.
CDPR is pretty much the last player in the industry that doesn't make me want to projectile vomit whenever I hear news about them, so I agree. Obsidian and Bethesda both sold out to MS and are probably doomed to become Xbox exclusive mills, Volition decided it didn't give a **** about developing its most successful franchise anymore, and Paradox's Colossal Order has been dependably cranking out DLC for Skylines but little else and Valve is, well, Valve. If everyone else perished in a fire, I wouldn't care.
 

jpuroila

Posts: 323   +181
Aye, spear-/fishing. But this is still an organizational/IT failure. None of the endusers at my work have escalated privileges. I got a new work laptop due to our new corona-related mobile computing paradigm last month and they gave me temporary (24h) elevated privileges to install whatever software/drivers I needed that weren't in the company deployment platform. I couldn't touch the firewall, AV, or general permissions.

Safety and security are always a stack of Swiss cheese. You try to minimize the risk (holes) and maximize the redundancy (layers) so that nothing gets through.
"Elevated access" in this context doesn't mean admin rights on workstation, but read and write access to whatever data was encrypted/stolen. Even a normal user can download and execute suspicious programs from the internet; you can easily check this yourself by downloading a portable version of Firefox(for example).

Obviously there's still a failure SOMEWHERE, but I'd be surprised if it was on the level of "a random user had the admin rights to our production servers".