CD Projekt Red source code reportedly sells for millions in dark web auction




This bird has been hacked!

Earlier this week, CD Projekt Red announced that it had been hit by a ransomware attack that allegedly exposed the source code of games, including Cyberpunk 2077, Gwent, and The Witcher 3. Now, security experts are reporting that the source code was auctioned off on a dark web forum, apparently for millions of dollars.

VX Underground, which tracks ransomware and other malware attacks, noted Wednesday that the source code being held for ransom had been posted on a dark web forum called EXPLOIT. The starting bid was reportedly $1 million, with a bid increment of $500,000 and a buy-it-now price of $7 million.

Cyber intelligence firm KELA has confirmed the authenticity of this auction, telling The Verge that forum users needed to deposit 0.1 BTC (approximately $4,700 at the time of writing) to participate in the bidding, a sign that the offers were legitimate. The sellers also reportedly provided file listings for Gwent and the Red Engine behind CDPR's games as proof that the data was genuine.

While the auction was originally scheduled to last 48 hours, on Thursday morning KELA and VX Underground both reported that it had been successfully closed. “An offer was received outside of the forum that we were happy with,” the sellers wrote, according to the reports.

KELA threat intelligence analyst Victoria Kivilevich told IGN the stolen data was sold in a single package. The sellers also reportedly threatened on separate dark web forums that CDPR would now have “a lot of interest [sic] living things on their accounts [sic]” if it did not close the auction by paying the ransom.

CDPR said on Monday that documents “relating to accounting, administration, legal, human resources, investor relations, etc.” were taken as part of the attack, adding that “we will not give in to demands or negotiate with the actor, being aware that this may eventually lead to the release of the compromised data.”

Security experts analyzing the ransom note shared by CDPR have identified a hacking group known as HelloKitty as the likely culprit for the ransomware attack. The same group was reportedly behind a ransomware attack on Brazilian utility CEMIG, among others, at the end of last year.

The raw source code of a game, used to create the executable files distributed to players, is generally considered to be one of a developer’s most valuable trade secrets. In 2003, the leak of the source code of Valve's then-unreleased Half-Life 2 led to the arrest of a German hacker. More recently, a large slice of source code for classic Nintendo games was uploaded as part of a so-called “Gigaleak”.

Peter Groucutt, managing director of IT protection firm Databarracks, said this type of “Double Extortion” ransomware attack (where data is stolen and also locked behind an encryption key) could pose a growing threat to businesses with popular intellectual property. “Ransomware originally sought to simply cripple a business [and] victims with robust backups might refuse to pay the ransom and restore their data from backups,” he said. “The difference between this attack and other Double Extortion attacks is that the exfiltrated data was very valuable IP. Even if you don’t pay, criminals can still make a lot of money selling intellectual property. If these attacks are successful, we could see a shift towards organizations with the most valuable data.”

A recent report by cybersecurity analytics firm Coveware found that total ransomware attack payments declined slightly in the fourth quarter of 2020 as more companies refused to pay, after rising steadily in previous years. A growing number of these attacks now include threats to leak data online, according to Coveware, and hackers often release stolen data even if the desired ransom is paid.


