Cyberpunk 2077 developer victim of ransomware attack

Cyberpunk 2077 Developer CD Projekt Red announced that it had “become the victim of a targeted cyberattack” that allegedly exposed the source code of several of its games.

In a post the developer shared on Twitter On Tuesday morning, hackers claim they stole closely guarded source code for Cyberpunk 2077, Gwent, and The Witcher 3 (including an unreleased prototype of the latter). Documents “relating to accounting, administration, legal, human resources, investor relations and more” were also said to have been compromised.

While hackers have apparently used ransomware software to lock CDPR out of parts of its systems, the company says it should be able to restore data access through backups. The company also remained defiant in the face of an unspecified ransom demand, saying it would not negotiate, despite threats to disclose the stolen data. “We will not give in to demands or negotiate with the actor, knowing that this may eventually lead to the disclosure of the compromised data,” the company wrote. The request was accompanied by a 48 hour deadline.

The CDPR states that “to our knowledge, the compromised systems did not contain any personal data of our players or users of our services”. This sets this attack apart from a recent ransomware attack on Capcom, in which customers at the Capcom store, employees and esports team members were among the groups that were able to have their personal information revealed to hackers.

The raw source code of a game, which is used to create the executable files distributed to players, is generally considered to be one of a developer’s most valuable trade secrets. In 2003, the leak of the source code of Valve then unpublished Half Life 2 led to the arrest of a German hacker. More recently, much of the source code for classic Nintendo games has been uploaded as part of a so-called “Gigaleak”.

A recent report by cybersecurity analysis firm Coveware found that total ransomware attack payments declined slightly in the fourth quarter of 2020, after rising steadily in previous years, as more companies refused to pay. . A growing number of these attacks now include online data breach threats, according to Coveware, and hackers often publish this data even after the desired ransom has been paid.