The group claiming to be behind a recent CD Project “href =” https://www.videogameschronicle.com/companies/cd-projekt/ “> CD Project Red-hack is auctioning off the stolen source code for Cyberpunk 2077” href = op. “https://www.videogameschronicle.com/games/cyberpunk-2077/”> Cyberpunk 2077 and The Witcher 3: Wild Hunt “href =” https://www.videogameschronicle.com/games/the-witcher-3- wild-jag / “> The Witcher 3.
According to Tom’s Hardware (via vx underground), the files – which are said to be an unreleased version of Witcher 3, possibly for PS5 and Xbox Series X / S – are sold on the EXPLOIT forums with a starting bid of $ 1,000.
The ransomware attack was allegedly carried out by a group called HelloKitty. It also reportedly posted the source code of CD Project Red’s Gwent card game online, with the leak spreading to various forums.
CD Projekt Red revealed on Monday that it has been the victim of a targeted cyber attack. In a statement, the developer said that some of its internal systems had been compromised and that “certain data” had been stolen.
In an apparent ransom letter published along with the statement, the culprits allege that they stole source code for the above games, as well as documents related to the company’s accounting, law, HR and more.
If CD Project Red did not ‘agree’ with them within 48 hours, the culprits said they would sell or leak the content.
CD Project Red said it would not concede to the claims nor negotiate with the people behind the attack, noting that this could eventually lead to the disclosure of the compromised data.
“We are taking the necessary steps to mitigate the consequences of such a release, in particular by approaching any parties who may be affected by the offense,” he said.
“We are still investigating the incident, but at the moment we can confirm that the best systems, to our knowledge, do not contain any personal data of our players or users of our services.”
CD Project Red said it has already approached relevant authorities, including law enforcement and IT forensic specialists.
On Tuesday, the company also held a statement addressed to its former employees.
“At this time, we have no evidence that your personal data was accessed,” he said. ‘However, we still recommend being careful (ie enabling fraud alerts). If you have any questions, please write to our privacy team dpo[at]http://cdprojektred.com. ”