- Join BJ's Wholesale Club for just $20 and save on holiday shopping
- The best Black Friday Sam's Club deals 2024: Sales available now
- The TCL Q65 98-inch TV is just $1,600 at Amazon for Black Friday
- New York Secures $11.3m from Insurance Firms in Data Breach Settlement
- Not Ready For AI? Time To Lay The Groundwork
CD Projekt Red game maker discloses ransomware attack
The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher, has disclosed a ransomware attack.
The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher series, has suffered a ransomware attack.
The company confirmed the security breach with a series of messages on its social media channels (Facebook and Twitter).
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
The attack took place on February 8, a threat actor breached its corporate network and encrypted some of its devices.
“Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.” reads a statement published by the company.
“An unidentified actor gained unauthorized access to our internal network, collected certain data belong to CD PROJEKT capital group and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data,”
According to BleepingComputer, the attack was conducted by a ransomware group named HelloKitty, which claimed to have stolen copies of the source code for popular games like Cyberpunk 2077, Gwent, and The Witcher 3.
Emisoft’s expert Fabian Wosar confirmed that the systems of the game maker were infected with a ransomware strain dubbed ‘HelloKitty.’
The amount of people that are thinking this was done by a disgruntled gamer is laughable. Judging by the ransom note that was shared, this was done by a ransomware group we track as “HelloKitty”. This has nothing to do with disgruntled gamers and is just your average ransomware. https://t.co/RYJOxWc5mZ
— Fabian Wosar (@fwosar) February 9, 2021
The group also claims to have obtained a copy of an unreleased version of The Witcher 3 game.
CD PROJEKT RED reported the incident to the police and relevant authorities, including the President of the Personal Data Protection Office, it also hired IT forensic specialists to investigate the intrusion.
The gaming firm confirmed that it wouldn’t be paying any ransom demand.
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” the company adds.
The company revealed that the compromised systems did not contain players’ personal data.
Recently other prominent gaming firms were victims of a ransomware attack, including Ubisoft and Crytek (hit by Egregor ransomware gang), and Capcom (hit by the Ragnar Locker).
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine