Ransomware became a growing threat throughout 2020, as hackers continued to target hospitals and healthcare providers in the midst of a pandemic. A smaller trend has emerged in recent months as well, with an eruption of attacks on video game companies, including Ubisoft, Capcom and Crytek. Now the developer CD Projekt Red, which released the maligned blockbuster Cyberpunk 2077 in December, is the latest target.
On Tuesday, CD Projekt Red revealed that it was the victim of a ransomware attack. “Some of our internal systems have been compromised,” the company said in a statement posted on Twitter. The attackers encrypted some computers and stole data, but CD Projekt Red said it would not pay the ransom and would restore its systems from backups. The incident comes as CD Projekt Red faces months of sustained criticism for the error-ridden Cyberpunk 2077 release. The game had so many performance issues on various platforms that Sony took it out of the PlayStation Store and, along with Microsoft, offered refunds to players.
Despite the company’s recovery efforts, it continues to face potential consequences. It seems that the attackers stole the source code not only for Cyberpunk 2077 but for other CD Projekt Red games as well, including Witcher 3, an unreleased version of Witcher 3, and Gwent, the digital Witcher card game. The attackers also say they stole business information, such as investor relations, human resources and accounting data. CD Projekt Red says there is no evidence that customer data was compromised in the breach.
“If we do not reach an agreement, then your source code will be sold or leaked online and your documents will be sent to our contacts in gaming journalism,” the attackers said in their ransom note. “Your public image will go even lower.”
CD Projekt Red has released patches for Cyberpunk 2077 in an attempt to improve the stability of the game and control the damage. But the company faces a lawsuit from investors, allegations that it forced developers to work unreasonable overtime to finish the game, and criticism for using non-disclosure agreements to prevent journalists from accurately reporting game deficiencies before launch.
The company says the attackers have not yet been identified, but the ransom note and its file name, “read_me_unlock.txt”, are familiar to researchers at the antivirus company Emsisoft.
“This attack appears to involve a type of ransomware called HelloKitty, as the style and convention of naming the note are consistent,” says Emsisoft threat analyst Brett Callow, adding that it is impossible to say for sure without looking at the malware itself. “The group behind HelloKitty is not frequent and the most notable victim so far is the Brazilian electricity company, CEMIG.” CD Projekt Red did not return a request for comment from WIRED.
Theories vary as to why the attackers targeted CD Projekt Red.
“I see it more as an opportunistic attack, or maybe even revenge and malice,” says independent security researcher Tony Robinson. “Ransomware operators are motivated by money, but CDPR has promised a lot of things and failed to fulfill them, and there may be some who are just self-righteous and want to hurt them.”
Callow from Emsisoft says he sees no evidence so far that recent game-related ransomware attacks are connected or part of a specific targeting trend.
“I could be wrong, but I suspect that the fact that a number of game developers have been hit by ransomware in recent months is nothing more than a coincidence, which happens from time to time,” he says.