Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label CD Projekt Red. Show all posts

CD Projekt Red Confirmed that its Data is Disseminated Online

 

The company alleges the hacked information stolen from the CD project is being distributed online. The company behind Cyberpunk 2077 and The Witcher 3 claim that they cannot verify the actual details of the information shared but they believe that the stolen data relates to their games, contractors, and both current and past employees. 

Earlier in this year, it faced a ransomware attack, which “gained access to our internal network, collected certain data belonging to CD PROJEKT Capital Group and left a ransom note,” by a threat group (which was considered to be the HelloKitty Gang), the company said. 

The ransomware encrypted the system for the organization too, but CD Projekt Red managed to restore all the data from the backup — making stolen data the actual problem. 

The threat of "double extortion" has been increased by Ransomware groups, with a warning that if the victims do not pay, they will Auction stolen data. Many also maintain sites with "name and shame" title that operators use to publish leaked victims' information who was not able to pay the ransom. 

And the cybercriminals stated that they had "dumped full copies" of Cyberpunk 2077's, Gwent's, Witcher 3's and Witcher's "unreleased version;" and acquired the sensitive company information about bookkeeping, administration, HR, investor relations, law, and more. 

“Source codes will be sold or leaked online, and your documents will be sent to our contacts in gaming journalism,” according to a note. 

In a late Thursday statement, CD Projekt Red stated that its security staff “now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the internet.” 

The report further states, “though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.” 

This incidence is not different after updated ransomware playbook 'breach, extract, encrypt, offer,' "Dirk Schrader, global security research Vice President at New Net Technologies (NNT), has remarked. However, he added, “It was some sort of luck on CD Projekt Red’s side that – as far as we know – no customer data was involved, because if so the story would have evolved in very different ways. ”

It is worth noting that ransomware gang has fulfilled its pledge to auction off the company's data beforehand, where in February on the well-known Russian-language underground forum 'Exploit' the source code for Cyberpunk 2077 and its previously unreleased version of Witcher 3 were allegedly on sale. 

The lot was sold one day later, and though cyber investigators established the presence of the auction, they could not check for the quantity or veracity of what was sold. The auction demanded an opening offer of $1 million.

Lately, threat actors posted approximately 300GB of data that reportedly belongs to the CD Projekt Red on the Payload.bin data leak site. 

“Digital Shadows has seen several attempts to either sell or expose data related to CD Projekt Red since February, with unconfirmed actors first trying to auction game and other internal company data on a well-known Russian language forum,” Sean Nikkel, senior cyber-threat intel analyst at Digital Shadows said. 

The company added, “regardless of the authenticity of the data being circulated — we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the data in question.”

Developer of Cyberpunk 2077 Hit by Ransomware Attack

 

Ransomware turned into an inexorably critical danger all through 2020, as hackers continued to target hospitals and health care providers amid pandemic. A more modest pattern has additionally been brewing in the course of the most recent couple of months, with a rash of assaults on computer game organizations including big names like Ubisoft, Capcom, and Crytek. Presently the developer CD Projekt Red, which released the censured blockbuster Cyberpunk 2077 in December, is the most recent target. 

On Tuesday, CD Projekt Red uncovered that it had been the victim of a ransomware assault. “Some of our internal systems have been compromised,” the organization said in a statement presented on Twitter. The assailants encrypted a few PCs and took the information, however CD Projekt Red said it would not pay the ransom and that it was re-establishing its systems from backups. The incident comes as CD Projekt Red faced a long time of sustained criticism for its bug-ridden, overhyped Cyberpunk 2077 release. The game had numerous performance issues on various platforms, that is why Sony pulled it from the PlayStation Store and, alongside Microsoft, offered refunds to players. 

Despite the organization's recuperation efforts, it still faces potential fallout. The assailants obviously took source code for Cyberpunk 2077 as well as other CD Projekt Red games like Witcher 3, an unreleased version of Witcher 3, and Gwent, the digital Witcher card game. The assailants likewise say they took business data like investor relations, human resources, and accounting data. CD Projekt Red says there is no proof that client information was undermined in the breach.

“If we will not come to an agreement, then your source code will be sold or leaked online and your documents will be sent to our contacts in gaming journalism,” the attackers said in their ransom note. 

CD Projekt Red has released patches for Cyberpunk 2077 trying to improve the game's stability and do damage control. Yet, the organization faces a lawsuit from investors, accusing that it forced developers to work unreasonably overtime to finish the game, and criticism about its use of nondisclosure agreements to keep journalists from reporting accurately on the game's shortcomings prior to release.