The controversy tornado of Cyberpunk 2077 and CD Projekt RED just keeps on spinning. Now, there’s reports that CD Projekt RED has been hacked, and is refusing to pay the ransom. Yes really, the same company that had a major vulnerability inside the DLLs of Cyberpunk 2077 has been hacked themselves. The mechanism of the breach was not disclosed.
The company said that “an unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD Projekt capital group and left a ransom note the content of which we will release to the public.”
Adding to the urgency of the situation, the attackers claimed to have gained copies of source code for Gwent, The Witcher 3, Cyberpunk 2077, as well as“documents related to accounting, administration, legal, HR, investor relations and more.” The hackers threatened to leak or sell the data and leak the internal documents where they can.
It should be obvious, but CDPR is calling their bluff and is refusing to pay the ransom. “We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” CD Projekt RED wrote in response.
Anyone who is hoping to get the source code should be wary and not seek it out. Not only are there legal implications afoot here, assuming the source leaks are real, but situations like this are a goldmine for hackers to push malware masquerading as code projects or other files. Don’t go seeking this stuff out.
Here’s CDPR’s statement about the hack:
Having CD Projekt RED hacked is a pretty bad situation. The company has formally acknowledged the breach and is working on fixing it. “We have already secured our IT infrastructure and begun restoring the data”, said the company in a statement. So it looks like things are as OK as can be expected for them.
The company even released the ransom note it allegedly received, and it’s a real hoot. When a ransom note starts with “Your have been EPICALLY pwned!!,” you know you’re in for a good read. The note demands ransom for the stolen files, and threatens to sell or release source code to the public.