What just happened? CD Projekt Red, developer of Cyberpunk 2077 and The Witcher series, has been hit by a ransomware attack. The perpetrators are threatening to leak or sell the source codes to its biggest games and send documents relating to accounting, administration, legal, HR, investor relations, and more to their "contacts in gaming journalism."
CDPR revealed the attack and ransom note on Twitter a few hours ago. The hackers claim to have stolen source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3. They also managed to encrypt some devices in the company's internal network, though the backups are intact and CDPR has started restoring data.
The ransom note boasts, "Your have been EPICALLY pwned!!" It warns that should the stolen information be leaked, "your public image will go down the shitter even more and people will see how your shitty company functions. Investors will lose trust in your company and the stock will dive even lower!"
Important Update pic.twitter.com/PCEuhAJosR— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
The hackers don't reveal their terms but did give CDPR 48 hours to contact them. The Polish firm has assured players and service users that none of their personal details were stored on the compromised systems.
CD Projekt Red writes that it has no intentions of giving in to the hackers' demands or negotiating with them, and is taking steps to mitigate any damage caused by a data leak. It has contacted law enforcement and IT forensic specialists to investigate the incident.
A recent report showed ransomware attacks in which criminals threaten to release sensitive information if their demands aren't met increased 20 percent in the fourth quarter. As the data is often leaked even if the victims agree to terms, many companies refuse to pay and deal with the consequences, as seems to be the case here.