Cyberpunk 2077 maker CD Projekt's servers, data targeted by ransomware attackers
CD Projekt said that no user data was compromised “to their best knowledge” and that it was working with the authorities, without giving in to the attackers demands.
Game development studio CD Projekt's year has had off to a rough start - at least where Cyberpunk 2077 is concerned. After a rough initial rollout of the highly awaited game and issues with both the console and PC versions, CD Project had announced last week that there were security issues with using game mods. Now, the company has stated that it was the victim of a ransomware attack.
Important Update pic.twitter.com/PCEuhAJosR— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
The Polish gaming company took to Twitter on Tuesday to inform its customers that the attackers left a note in the form of a text file, in which they claimed they made copies of not only CD Projekt's internal source code, but also documents related to their accounting, administration, finance, legal, HR, and investor relations. They have claimed that these documents will be released if they will not “come to an agreement.” The company says it will “not give in to the demands nor negotiate with the actor” and that they were aware that it might lead to the release of the compromised data.
Also read: Cyberpunk 2077 official modding support tools released, fix for game-breaking bug coming soon
It appears that the hackers were right to assume that the company had backups - the statement on Twitter says that restoration of data has already begun and that they have alerted the authorities. It is believed that the attack was carried out in retaliation for the studio releasing the game without completely verifying it was stable and without bugs. The patch to version 1.1 that was released recently also completely broke the main storyline, where a character who is supposed call the player's character never makes the call - this bug is yet to be fixed.
The screenshot of the text file shared by CD Projekt also reveals that the attackers claimed to have “encrypted all of their servers” but that they understood that they “could most likely recover from backups”. The hackers have claimed that they have copies of the source ocde for the following games from the company's “Perforce” server: Cyberpunk 2077, Witcher 3, Gwent (a popular card game), and an “unreleased version” of Witcher 3.
Don't miss: CD Projekt Red urges caution with Cyberpunk 2077 mods, says PC gamers could be affected by vulnerability
This is the second security-related announcement that CD Projekt had to make this month. Last week, we reported that the company had cautioned users against using mods from unknown sources on the internet after they were alerted to “a vulnerability in external DLL files the game uses which can be used to execute code on PCs” and that “issues will be fixed ASAP”. Users are advised to avoid installing any mods until CD Projekt gives out the all-clear again.
Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.