CD Projekt Red Can’t Catch a Break
The company that brought us The Witcher games and then dropped the ball on Cyberpunk 2077 now has another problem on its plate: according to dark web monitoring organization KELA, the files that were stolen from the Polish game company during a ransomware attack have been sold in a dark web auction. It’s unclear who the buyer is, what their intentions for the files are, or even how much they paid for their purchase, though IGN claims that reports from yesterday indicate a purchase price of $7 million. Since the theft involved the source code for Cyberpunk 2077, multiple versions of The Witches, and Gwent, that can’t be good for CD Projekt Red to hear.
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6
— KELA (@Intel_by_KELA) February 11, 2021
Victoria Kivilevich, a threat intelligence analyst at KELA, claims that the stolen files were all sold in a single package. She also provided IGN with: “a translated screenshot of a separate forum, XSS, dated February 10, in which the purported seller, redengine says CD Projekt should pay the ‘blitz’ (upfront purchase fee) because of sensitive data contained in the files.”
CD Projekt Red has publicly refused to pay any ransom. The company has already been in the news for lawsuits filed against it by its own investors, the Polish authorities conducting an investigation, and an apology for Cyberpunk 2077‘s botched release. While it’s tempting to assume the ransomware attack was carried out by disgruntled gamers upset about Cyberpunk 2077, IGN reports that multiple cybersecurity specialists are suggesting the attack was carried out by “a group called HelloKitty, based on the title and contents of the ransom note posted by CD Projekt following the hack.”
Let’s hope things look up for CD Projekt Red soon. They’re having a rough time of it.
Were you affected by the ransomware attack? Let us know down in the comments, or hit us up on Twitter or Facebook.