CD Projekt Red has been targeted by a ransomware attack compromising internal systems and threatening to release classified information and game variants.
The company put out a statement explaining what had happened and its proposed response. Allegedly, the hackers have access to source codes for all of CD Projekt Red’s games including Cyberpunk 2077 and Gwent. This also includes a previously unreleased version of The Witcher 3.
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
“Yesterday, we discovered that we have become a victim of a targeted cyber attack due to which some of our internal systems have been compromised,” CD Projekt Red’s statement explained.
“An unidentified actor gained unauthorised access to our internal network, collected certain data belonging to CD Projekt capital group and left a ransom note the content of which we released to the public.”
The ransom note threatened to release all of this data, including “all of your documents relating to accounting, administration, legal, HR, investor relations and more,” if the company did not respond in 48 hours.
The ransom began with the phrase “your have been EPICALLY pwned!!” and specifically addressed CDPR’s recent PR issues, stating: “Your public image will go down the shitter even more and people will see how your shitty company functions.”
The response from CD Projekt Red asserted that the company would not “give in to the demands or negotiate”, but were “aware this may eventually lead to compromised data”. They also addressed the issue of personal user data, claiming that to the best of their knowledge none had been compromised.
CD Projekt Red has already contacted law enforcement and “IT forensic specialists”, and have not yet confirmed whether they will release this data ahead of the breach.
Recently, Cyberpunk 2077 players have been asked by CDPR to stop using mods, due to a serious security risk in which a vulnerability in external DLL files the game uses can be used to execute code on PCs.