Ransomware has a an increasingly serious threat during 2020, while hackers continue to target hospitals and healthcare providers amid a pandemic. Over the past few months, there has also been a smaller trend going on, with a result of attacks on video games such as Ubisoft, Capcom and Crytek. Now the developer CD Projekt Red, who released the malicious blockbuster Cyberpunk 2077 in December is the latest target.
CD Project Red revealed on Tuesday that it was the victim of a ransom attack. “Some of our internal systems have been compromised,” the company said in a statement. statement posted on Twitter. The attackers encrypted some computers and stole data, but CD Projekt Red said it would not pay the ransom and that it was repairing its systems from backup. The incident comes as CD Project Red experiences months of constant criticism for its mistakes, overheated Cyberpunk 2077 release. The game had so many performance issues on various platforms that Sony took it out of the PlayStation Store and offered refunds to players along with Microsoft.
Despite the company’s recovery efforts, it is still a possible outage. The attackers apparently did not just steal source code Cyberpunk 2077 but other CD Project Save games like Witcher 3, a version not yet released Witcher 3, en Gwent, the digital Witcher card game. The attackers also say they stole business information such as investor relations, human resources and accounting data. CD Project Red says there is no evidence that customer data was compromised in the breach.
“If we do not reach an agreement, your source code will be sold or leaked online and your documents will be sent to our contacts in game journalism,” the attackers said in their ransom. “Your public image will decline even more.”
CD Projekt Red has spots for Cyberpunk 2077 in an effort to improve the game’s stability and do damage control. But the company faces a lawsuit from investors, allegations that it forced developers to work unreasonable overtime to complete the game, and criticism of its use of non-disclosure agreements to prevent journalists from accurately reporting on the shortcomings of the game before release.
The company says the attackers have not yet been identified, but the ransom note and file name, “read_me_unlock.txt”, are known to researchers at antivirus firm Emsisoft.
“This attack appears to involve a type of ransomware called HelloKitty, as the style and naming of the note are consistent,” said Emsisoft threat analyst Brett Callow, adding that it was impossible to say for sure without knowing to look at the malware. “The group behind HelloKitty does not use it regularly and the most important victim so far is the Brazilian power company, CEMIG.” CD Projekt Red did not return a request for comment from WIRED.
Theories vary as to why attackers would target CD Project Red.
“I see it as a more opportunistic attack, or maybe even revenge and spite,” said Tony Robinson, an independent security researcher. “Ransomware operators are motivated by money, but CDPR has promised many things and not complied with them, and there may be only one self-righteous person who wants to get hurt.”
Emsisoft’s Callow says it has so far seen no evidence that the recent spate of game-related ransomware attacks is linked to or part of a specific target trend.
“I may be wrong, but I suspect the fact that a number of game developers have been hit by ransomware in recent months is nothing short of coincidental, and it does happen every now and then,” he says.