CD Projekt says that information stolen from the company in a hack is being distributed online. The company behind Cyberpunk 2077 and The Witcher 3 says that it cannot verify the actual details of the information shared, but it believes that the stolen data relates to its games, contractors, and both current and past employees.
Earlier this year, it faced a ransomware attack by a threat group (considered to be the HelloKitty gang), which “gained access to our internal network, collected certain data belonging to CD PROJEKT Capital Group and left a ransom note,” the company said.
The ransomware also encrypted the organization's systems, but CD Projekt Red managed to restore all the data from backup, which makes the stolen data the actual problem.
Ransomware groups have stepped up the threat of "double extortion," warning victims that if they do not pay, the stolen data will be auctioned. Many also maintain "name and shame" sites that operators use to publish the leaked information of victims who were not able to pay the ransom.
The cybercriminals stated that they had "dumped full copies" of Cyberpunk 2077, Gwent, Witcher 3 and the "unreleased version" of Witcher, and had acquired sensitive company information about bookkeeping, administration, HR, investor relations, law, and more.
“Source codes will be sold or leaked online, and your documents will be sent to our contacts in gaming journalism,” according to the ransom note.
In a late Thursday statement, CD Projekt Red stated that its security staff “now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the internet.”
The statement continues, “though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.”
This incident is no different, following the updated ransomware playbook of 'breach, extract, encrypt, offer,' Dirk Schrader, global vice president of security research at New Net Technologies (NNT), remarked. However, he added, “It was some sort of luck on CD Projekt Red’s side that – as far as we know – no customer data was involved, because if so the story would have evolved in very different ways.”
It is worth noting that the ransomware gang had already fulfilled its pledge to auction off the company's data: in February, the source code for Cyberpunk 2077 and a previously unreleased version of Witcher 3 were allegedly put on sale on the well-known Russian-language underground forum 'Exploit'.
The lot was sold one day later, and though cyber investigators established that the auction took place, they could not verify the quantity or veracity of what was sold. The auction demanded an opening bid of $1 million.
More recently, threat actors posted approximately 300GB of data that reportedly belongs to CD Projekt Red on the Payload.bin data leak site.
“Digital Shadows has seen several attempts to either sell or expose data related to CD Projekt Red since February, with unconfirmed actors first trying to auction game and other internal company data on a well-known Russian language forum,” Sean Nikkel, senior cyber-threat intel analyst at Digital Shadows, said.
The company added, “regardless of the authenticity of the data being circulated — we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the data in question.”