Ever since the Launch of Cyberpunk 2077 in December 2020, CD Projekt Red have faced many difficulties from angry customers, lawsuits and now ransomware attacks. On the 8th of February, the game development company discovered they had been hit by a targeted cyber attack that has allegedly stolen the source code to their games, such as The Witcher 3, Gwent and Cyberpunk 2077. The next day, CDPR released a statement of what had happened and said that they had contacted the relevant authorities, and would not be giving into the demands of the hackers.
Message to CDPR from the hackers
Hackers Have Allegedly Auctioned The Stolen Data
Initially the source code was listed at an auction price starting at 1 million USD, increasing in increments of 500 000 USD, or a buyout price of 7 million USD. Screenshots have now been released from a cyber-security company called Kela of a post on the hackign forum Exploit by the alleged hackers, claiming that they have closed the auction and sold the files containing the source code for Thronebreaker: The Witcher Tales spinoff, The Witcher 3, a ray-traced version of The Witcher 3, Cyberpunk 2077 as well as the company’s internal documents. It is unknown who purchased it or what the price was.
The Company Behind The Attack
The name of the group behind the attack is Hello Kitty, according to a tweet from Emisoft’s Fabian Wosar. Hello Kitty ransomware works by first running a process called taskkill.exe which will terminate any process related to security or backups on the network. This process runs until it has shut down over 1400 Windows tasks and processes. Once this has been done, it will begin to encrypt the files on the computer, and leaves behind a ransom note. The ransom note will include a link to a Tor dark web chat window where the victims can negotiate with the threat actors.
CDPR is still looking into the situation in an attempt to locate the culprits and ensure that something like this doesn’t happen again.