Stolen CD Projekt Red Files Reportedly Sold After Dark Web Auction

Files stolen from CD Projekt Red in a ransomware attack revealed earlier this week have now reportedly been sold in a dark web auction. ) reports that an auction set up to sell the files has now closed after a “good bid” was made from outside the forum it was on. This offer would stipulate that the code will not be distributed or sold further. Cyber ​​security account vx-underground also said he heard that the sale was done.

Justin: #CDProjektRed AUCTION IS CLOSED #Hackers auctioned the stolen source code for the #RedEngine and #CDPR the game releases, and have just announced that a satisfactory offer from outside the forum has been received, on the condition of no longer distributing or selling. pic.twitter.com/4Z2zoZlkV6

– KELA (ntIntel_by_KELA) February 11, 2021

Have you played Cyberpunk 2077?

YESNO

Speaking to IGN, Victoria Kivilevich, threat intelligence analyst at KELA, explained that it appears all of the stolen files – which apparently include Cyberpunk 2077 source code, multiple versions of The Witcher 3, and Gwent – have been sold in one package. It is not known who the buyer is or what he intends to do with the files at the time of writing.

It is also not known at what price the files were sold, but yesterday’s reports indicated an initial purchase price of $ 7 million. Kivilevich provided IGN with a translated screenshot of the forum, dated February 10, in which the seller said that CD Projekt would have to pay the “blitz (initial purchase fee) because of the sensitive data in the files.” Of course, at the moment we cannot verify whether this is true. CD Projekt has publicly stated that it will not pay the ransom.

A reported screenshot of the now closed auction feed.

In a report aided by KELA yesterday, The Verge explained that the auction required a deposit to enter (intended to show potential buyers that this was not a fraudulent auction), with auctions starting at $ 1,000,000, increasing in increments of $ 500,000. Vx-underground also reported that the source code (or at least fragments of source code) for Gwent had been released, which could have been further proof that the files were in hand prior to the auction.

Although still unconfirmed, several cybersecurity experts have reported the ransomware attack from a group called HelloKitty, based on the title and content of the ransom note released by CD Projekt after the hack.

The number of people who think this was done by a disgruntled player is laughable. Judging by the ransom note that was shared, this was done by a ransomware group that we track as “HelloKitty”. It has nothing to do with disgruntled gamers and it’s just your average ransomware. https://t.co/RYJOxWc5mZ

– Fabian Wosar (@fwosar) February 9, 2021

IGN has contacted CD Projekt for comment.

Joe Skrebels is IGN’s News Editor. Follow him on Twitter. Any advice to give us? Want to discuss a possible story? Please send an email to [email protected].