CD Projekt Red hit with ransomware attack, hackers threaten to release Cyberpunk 2077...

midian182

Staff member
What just happened? CD Projekt Red, developer of Cyberpunk 2077 and The Witcher series, has been hit by a ransomware attack. The perpetrators are threatening to leak or sell the source code of its biggest games and to send documents relating to accounting, administration, legal, HR, investor relations, and more to their "contacts in gaming journalism."

CDPR revealed the attack and ransom note on Twitter a few hours ago. The hackers claim to have stolen source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3. They also managed to encrypt some devices in the company's internal network, though the backups are intact and CDPR has started restoring data.

The ransom note boasts, "Your have been EPICALLY pwned!!" It warns that should the stolen information be leaked, "your public image will go down the shitter even more and people will see how your shitty company functions. Investors will lose trust in your company and the stock will dive even lower!"

The hackers don't reveal their terms but did give CDPR 48 hours to contact them. The Polish firm has assured players and service users that none of their personal details were stored on the compromised systems.

CD Projekt Red writes that it has no intentions of giving in to the hackers' demands or negotiating with them, and is taking steps to mitigate any damage caused by a data leak. It has contacted law enforcement and IT forensic specialists to investigate the incident.

A recent report showed that ransomware attacks in which criminals threaten to release sensitive information if their demands aren't met increased 20 percent in the fourth quarter. Because stolen data is often leaked even when the victim agrees to terms, many companies refuse to pay and deal with the consequences instead, as seems to be the case here.


 
I always wonder in these situations who screwed up opsec. It's almost never a zero-day exploit. Did IT forget to patch a server? Did some senior staff use a stupidly simple password? Did the secretary plug in a USB stick she found in the car park? Did a dev get unlimited elevated user privileges?
 
I always wonder in these situations who screwed up opsec. It's almost never a zero-day exploit. Did IT forget to patch a server? Did some senior staff use a stupidly simple password? Did the secretary plug in a USB stick she found in the car park? Did a dev get unlimited elevated user privileges?

I'm under the impression that a lot of ransomware is social engineering. Convince an employee to open an attachment in a well-crafted email which deploys the ransomware. If that employee has elevated access to valuable company data, then you get what happened to CDPR here.

They can encrypt it and hope you don't have backups, or they can hold the information hostage if it's unique/private information, like in this case.
 
I always wonder in these situations who screwed up opsec. It's almost never a zero-day exploit. Did IT forget to patch a server? Did some senior staff use a stupidly simple password? Did the secretary plug in a USB stick she found in the car park? Did a dev get unlimited elevated user privileges?
Yes, it is pretty embarrassing for opsec, if it actually exists at CDPR. Security is something not taken seriously again and again because it only causes costs all the time, and that there is a return on investment is only found out when it is too late, like now.

Given the number of bugs the game has had so far, I suppose the ransom won't be worth paying.
 
I'm under the impression that a lot of ransomware is social engineering. Convince an employee to open an attachment in a well-crafted email which deploys the ransomware. If that employee has elevated access to valuable company data, then you get what happened to CDPR here.

Aye, spear phishing. But this is still an organizational/IT failure. None of the end users at my work have escalated privileges. I got a new work laptop due to our new corona-related mobile computing paradigm last month, and they gave me temporary (24h) elevated privileges to install whatever software/drivers I needed that weren't in the company deployment platform. I couldn't touch the firewall, AV, or general permissions.

Safety and security are always a stack of Swiss cheese. You try to minimize the risk (holes) and maximize the redundancy (layers) so that nothing gets through.
 
I think the issue comes in not with elevated access to company computer infrastructure, but many programmers need access to some/most/all of the game assets to do their job coding/fixing bugs, etc. Which sounds like what happened here. No customer data lost, but ransomware access to CP2077 and Witcher assets.
 
I am rooting for their health. Cyberpunk is pretty good, but I really really need Witcher 4.
Be careful what you wish for. 9 times out of 10 it's better to end the franchise on a high note than to force another installment for money and ruin everything. I've seen it happen too many times.
 
I am rooting for their health. Cyberpunk is pretty good, but I really really need Witcher 4.
CDPR is pretty much the last player in the industry that doesn't make me want to projectile vomit whenever I hear news about them, so I agree. Obsidian and Bethesda both sold out to MS and are probably doomed to become Xbox exclusive mills, Volition decided it didn't give a **** about developing its most successful franchise anymore, and Paradox's Colossal Order has been dependably cranking out DLC for Skylines but little else and Valve is, well, Valve. If everyone else perished in a fire, I wouldn't care.
 
Aye, spear phishing. But this is still an organizational/IT failure. None of the end users at my work have escalated privileges. I got a new work laptop due to our new corona-related mobile computing paradigm last month, and they gave me temporary (24h) elevated privileges to install whatever software/drivers I needed that weren't in the company deployment platform. I couldn't touch the firewall, AV, or general permissions.

Safety and security are always a stack of Swiss cheese. You try to minimize the risk (holes) and maximize the redundancy (layers) so that nothing gets through.
"Elevated access" in this context doesn't mean admin rights on the workstation, but read and write access to whatever data was encrypted/stolen. Even a normal user can download and execute suspicious programs from the internet; you can easily check this yourself by downloading a portable version of Firefox (for example).

Obviously there's still a failure SOMEWHERE, but I'd be surprised if it was on the level of "a random user had the admin rights to our production servers".
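The point made in the post above is that ransomware run by an ordinary user does not need admin rights: it only needs the write access to project data that the user already has. That is why the useful control is watching what a process does to files, not only who is logged in. The following is an added example, not code from CDPR, the article, or any commenter: a small heuristic detector over file-write telemetry that flags a process writing several high-entropy (ciphertext-looking) files within a short window, while ignoring a single high-entropy write such as a legitimately produced archive. All process names, paths and events are constructed for illustration; the thresholds (7.0 bits/byte, 5 files, 60 seconds) are assumptions to be tuned against real data.

```python
"""Heuristic detector for ransomware-style mass encryption in file-write telemetry.

Added example, not CDPR's code or any vendor's product.  All events, process
names, paths and thresholds below are constructed assumptions for illustration.
"""
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.0   # bits per byte; source code and documents rarely exceed ~6
WINDOW_SECONDS = 60       # sliding window over a process's high-entropy writes
MIN_FILES = 5             # writes inside the window before we alert


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect_mass_encryption(events, window=WINDOW_SECONDS, min_files=MIN_FILES,
                           entropy_threshold=ENTROPY_THRESHOLD):
    """Flag any process that writes >= min_files high-entropy files within `window` seconds.

    `events` is an iterable of dicts with keys ts (epoch seconds), pid, user,
    process, path and data (the bytes written).  Returns one alert per offending pid,
    raised at the moment the threshold is first crossed.
    """
    recent = defaultdict(list)   # pid -> timestamps of recent high-entropy writes
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if shannon_entropy(ev["data"]) < entropy_threshold:
            continue                      # plaintext-looking write: not interesting
        bucket = recent[ev["pid"]] + [ev["ts"]]
        # slide the window: keep only writes from the last `window` seconds
        bucket = [t for t in bucket if ev["ts"] - t <= window]
        recent[ev["pid"]] = bucket
        if len(bucket) >= min_files and ev["pid"] not in alerted:
            alerted.add(ev["pid"])
            alerts.append({"pid": ev["pid"], "user": ev["user"], "process": ev["process"],
                           "files": len(bucket), "first_ts": bucket[0], "last_ts": ev["ts"]})
    return alerts


def _ciphertext_like(seed: str, size: int = 1024) -> bytes:
    """Deterministic pseudo-random bytes standing in for encrypted file contents (constructed)."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


# Constructed sample of what a source file looks like to the entropy test.
PLAINTEXT = b"// Witcher 3 quest script, draft\nfunction OnEnter() {}\n" * 20

# Constructed telemetry: one ordinary user with no admin rights runs all three processes.
SAMPLE_EVENTS = (
    # a source editor saving two files: low entropy, never flagged
    [{"ts": 1000 + i * 10, "pid": 1001, "user": "dev1", "process": "code.exe",
      "path": f"P:/witcher3/quests/q{i}.ws", "data": PLAINTEXT} for i in range(2)]
    # a legitimate archive tool writing one compressed file: high entropy, but a single write
    + [{"ts": 1100, "pid": 3003, "user": "dev1", "process": "7z.exe",
        "path": "P:/builds/nightly.7z", "data": _ciphertext_like("archive")}]
    # an attachment launched from mail, overwriting six source files within 30 seconds
    + [{"ts": 1200 + i * 6, "pid": 2002, "user": "dev1", "process": "invoice.pdf.exe",
        "path": f"P:/cyberpunk/src/module{i}.cpp", "data": _ciphertext_like(f"enc{i}")}
       for i in range(6)]
)

if __name__ == "__main__":
    for a in detect_mass_encryption(SAMPLE_EVENTS):
        print(f"ALERT pid={a['pid']} user={a['user']} process={a['process']} "
              f"high-entropy writes={a['files']} in {a['last_ts'] - a['first_ts']}s")
```

Running the block alerts only on pid 2002: the editor's writes never pass the entropy gate, and the archive tool's single high-entropy write stays below the five-file threshold. In a real deployment the entropy would come from the file-system driver or EDR sensor rather than the full file contents, and compressed formats such as archives, images and video need an allowlist or a per-extension baseline, since they legitimately look like ciphertext.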
 