Ransomware became a an increasingly serious threat throughout 2020, as hackers continued to target hospitals and healthcare providers amid a pandemic. A smaller trend has also developed in recent months, with a series of attacks on video game companies such as Ubisoft, Capcom and Crytek. Now the developer CD Projekt Red, which launched the malignant blockbuster Ciberpunk 2077 in December, it is the ultimate goal.
On Tuesday, CD Projekt Red revealed that it had been the victim of a ransomware attack. “Some of our internal systems have been compromised,” the company told statement posted to Twitter. The attackers encrypted some computers and stole data, but CD Projekt Red said it would not pay the ransom and would restore its backup systems. The incident occurs while CD Projekt Red faces months of sustained criticism for its hyperactivity Ciberpunk 2077 release. The game had so many performance issues on different platforms that Sony withdrew it from the PlayStation Store and, along with Microsoft, offered refunds to gamers.
Despite the company’s recovery efforts, it still faces possible consequences. The attackers apparently stole not only source code Ciberpunk 2077 but other CD Projekt Red games like Witcher 3, an unreleased version of Witcher 3, i Gwent, the digital card game Witcher. The attackers also say they stole business information such as investor relations, human resources and accounting data. CD Projekt Red says there is no evidence to indicate that customer data was compromised in the infringement.
“If we do not reach an agreement, your source code will be sold or leaked online and your documents will be sent to our gaming journalism contacts,” the attackers said in their rescue note. “Your public image will go down even further.”
CD Projekt Red has released patches for Ciberpunk 2077 in an attempt to improve game stability and control damage. But the company faces a lawsuit from investors, allegations that forced developers to work irrationally overtime to end the game, and criticism of its use of non-disclosure agreements to prevent journalists from accurately reporting deficiencies. of the game before the release.
The company says the attackers are not yet identified, but the rescue note and its filename, “read_me_unlock.txt,” are familiar to investigators at antivirus company Emsisoft.
“This attack appears to involve a type of ransomware called HelloKitty, as the style and convention of note names are consistent,” says Emisisoft threat analyst Brett Callow, adding that it is impossible to tell. certainly without looking at the malware itself. “The group behind HelloKitty does not deploy it frequently and the most notable victim to date is the Brazilian electricity company, CEMIG.” CD Projekt Red did not submit any requests for WIRED comments.
Theories vary as to why the attackers would target CD Projekt Red.
“I see it more as an opportunistic attack, or maybe even revenge and spite,” says independent security researcher Tony Robinson. “Ransomware operators are motivated by money, but CDPR promised many things and was unable to deliver on them, and there may be some who are just about themselves and want to hurt them.”
Emsisoft’s callow says it sees no evidence so far that the recent resentment of game-related ransomware attacks is connected or part of a specific segmentation trend.
“I might be wrong, but I suspect some game developers have been affected by ransomware in recent months it’s just a coincidence, which happens from time to time,” he says.