Cyberpunk 2077 Hacked Data Circulating Online

New data from the February hack of CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the Witcher series, is circulating online.

Earlier this year, the company suffered a ransomware attack in which a cyberattack group (believed by some to be the HelloKitty gang) “gained access to our internal network, collected certain data belonging to CD PROJEKT Capital Group and left a ransom note,” the company said at the time.

The ransomware also encrypted the company’s systems, but CD Projekt Red was able to restore everything from backup – leaving the real issue to be the stolen data.

Ransomware gangs have doubled down on the increasingly common “double-extortion” threat, saying they will auction stolen data if victims don’t pay. Many also maintain “name and shame” blogs – used by operators to post leaked data from victims that refused to send over a ransom.

And indeed, in the CD Projekt Red ransom note (also tweeted out), the cybercriminals said that they had “dumped full copies” of the source code for Cyberpunk 2077, Gwent, the Witcher 3 and an “unreleased version” of the Witcher 3; and, stolen sensitive corporate information relating to accounting, administration, HR, investor relations, legal and more.

“Source codes will be sold or leaked online, and your documents will be sent to our contacts in gaming journalism,” according to the note, which went on to say that not paying up has an impact to the company’s public image, stock price and investor confidence. The attackers claimed that the information will expose how terribly the company is run.

Now, four months later, the crooks seem to be making good on their promise regarding the information. In an update posted late Thursday, CD Projekt Red said that its security staff “now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the internet.”

It added that it’s in the process of clarifying just which data is being circulated, “though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.”

IMPORTANT UPDATE

Read more: https://t.co/qd6sc5VF3I pic.twitter.com/kKi1GkIaLO

— CD PROJEKT RED (@CDPROJEKTRED) June 10, 2021

The company added, “regardless of the authenticity of the data being circulated — we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the data in question.”

Source Code Was Previously Auctioned

It should be noted that ransomware gang apparently previously made good on its promise to auction off the company’s data, when source code for Cyberpunk 2077 and the aforementioned unreleased version of the Witcher 3 was put up for sale in February on the well-known Russian-language underground forum “Exploit.”

It was sold a day later, and while cyber-researchers confirmed the auction’s existence, they were unable to verify the amount the lot sold for, or the veracity of what was being sold. The auction asked for $1 million opening bids.

Release of the source code would allow fans to develop game hacks and perform all kinds of “modding” (i.e., development of custom features) and jailbreaks; and would be a gift to competitors.

And, “if the attackers were able to exfiltrate source code for the popular Cyberpunk 2077 and Witcher games it could lead to more targeted exploit development aimed at a widespread player base,” said Chris Clements, vice president of solutions architecture at Cerberus Sentinel said at the time.

Download our exclusive FREE Threatpost Insider eBook, “2021: The Evolution of Ransomware,” to help hone your cyber-defense strategies against this growing scourge. We go beyond the status quo to uncover what’s next for ransomware and the related emerging risks. Get the whole story and DOWNLOAD the eBook now – on us!