A group of unidentified hackers was able to penetrate the security of a video game studio, CD Projekt Red (CDPR), best known for the development of landmark prestige titles Cyberpunk 2077 and The Witcher 3, highlighting the need for comprehensive infrastructure security among all businesses — none are immune.
The game source code of Cyberpunk, Witcher 3, along with another game was reportedly stolen by the hackers in a targeted ransomware attack. They posted a ransom note to the development studio, claiming to have taken the games’ source code along with potentially sensitive internal HR, legal, and financial documents.
CDPR, which employs over 1,100 and is based out of Warsaw, Poland, shared news of the ransom note on February 9, and said they would not give in to the demands or negotiate with the hackers, who asked for a 7-figure payday to return the stolen code.
Two days later, it was confirmed the code had been sold to the highest bidder in an online auction, allegedly with a starting bid of $1 million and a sales price of $7 million.
Shortly thereafter, copies of the source code began surfacing online.
While the final selling price for the data and who purchased it is unknown, CDPR is now in the unenviable position of having to contend with the potentially rampant spread of not only copyrighted digital material, but also internal documents, although CDRP has commented that they believe the personal details of their employees remains safe.
One security analyst told Wired that the attack seemed to involve a type of ransomware called HelloKitty, which had previously been deployed against a Brazilian energy company, CEMIG.