Stolen CD Project red files allegedly sold now after dark web auction

Files stolen from CD Projekt Red during a ransomware attack that came to light earlier this week were apparently sold in a dark web auction. KELA, a dark web monitoring organization (which previously provided The Legge with legitimate file lists of CD Projekt’s Red Engine)) reports that an auction offered to sell the files has now closed after a “satisfactory offer” was made from outside the forum on which it was held. It is understood that the offer stipulates that the code will not be derived or resold. Cyber Security Account vx underground also reported that he heard the sale had been completed.

Not in: # CDProjektRed AUCTION IS CLOSED. # Hackers auctioned stolen source code for the # RedEngine and # CDPR game releases, and has just announced that a satisfactory offer has been received from outside the forum, provided no further distribution or sale. pic.twitter.com/4Z2zoZlkV6

– KELA (@Intel_by_KELA) 11 February 2021

Have you played Cyberpunk 2077?

Victoria Kivilevich, a KELA analyst, explained to IGN that all the stolen files – which apparently contained the source code for Cyberpunk 2077, several versions of The Witcher 3 and Gwent – appear to have been sold in one package. It is unclear who the buyer is or what he wants to do with the files at the time of writing.

It is also unclear at what price the files were sold, but reports yesterday indicated a pre-purchase price of $ 7 million. Kivilevich provided IGN with a translated snapshot of the forum, dated February 10, in which the seller said that CD Projekt should pay the ‘blitz’ (prior purchase price) due to sensitive data in the files. Of course, we can not verify whether this is true. CD Project has publicly stated that it will not pay the ransom.

A reported screenshot of the now closed auction thread.

In a report helped by KELA yesterday, The Verge explained that the auction required a deposit to enter (intended to show potential buyers that it was not a fraud auction), with a bid of $ 1,000 .000, which would increase in $ 500,000 increase. Vx-underground also reported that the source code (or at least fragments of the source code) had been released for Gwent, which could be further proof that the files were in the hands before the auction.

Although not yet confirmed, several cyber security experts pointed to the attack on ransomware coming from a group called HelloKitty, based on the title and contents of the ransom note that CD Project posted after the hack.

The amount of people who think it was done by a disgruntled player is laughable. Judging by the ransom letter shared, this was done by a ransom group we follow as “HelloKitty”. It has nothing to do with dissatisfied gamers and is just your average ransomware. https://t.co/RYJOxWc5mZ

– Fabian Wosar (@fwosar) February 9, 2021

IGN contacted CD Project for comment.

Joe Skrebels is IGN’s executive editor of News. Follow him further Twitter. Do you have a tip for us? Want to discuss a possible story? Send an email to [email protected].

Source

Share this:
Click to share on Twitter (Opens in new window)
Click to share on Facebook (Opens in new window)
Click to share on LinkedIn (Opens in new window)
Click to share on Pinterest (Opens in new window)
Click to share on Telegram (Opens in new window)
Click to share on WhatsApp (Opens in new window)
More
Click to print (Opens in new window)
Click to share on Reddit (Opens in new window)
Click to share on Tumblr (Opens in new window)
Click to share on Pocket (Opens in new window)

Related