In a surprising move, developer of the popular game Cyberpunk 2077, the CD Projekt Red’s data was stolen and had reportedly been sold in an auction.
The source code files of the Polish game developer’s RedEngine (CD Project Red’s game development engine), and titles including Cyberpunk 2077, The Witcher 3: Wild Hunt, an upcoming ray-traced version of The Witcher 3, Thronebreaker: The Witcher Tales have been sold by the hackers. As reported previously, CD Projekt Red took to Twitter to post a ransom note left by the hackers in which they claimed to have access to source code from the developer’s popular gaming titles. Although the developer denied paying any amount or negotiate with the hackers, the miscreants seem to have managed to find a buyer for the ‘stolen data.’
As per reports, the auction was held on the dark web with a starting bid of $1 million and a spare $7 million to buy the data outright. KELA, the Dark Web Monitoring Organisation cited the auction to be legit. The Cybersecurity firm mentioned that the auction set up to sell all the files was shut down following a ‘bid’ from outside which was deemed to be ‘satisfactory.’
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6
— KELA (@Intel_by_KELA) February 11, 2021
The ransomware attack was reportedly carried by a group named HelloKitty, which posted CD Projekt Red Gwen card game’s (online) source code ‘prior to its auction.’ As per Victoria Kivilevich, KELA’s Threat Intelligence Analyst, the source of the popular gaming titles seems to have been sold in one package.
Apparently, the ransomware locked some devices on CDPR’s network, but the studio managed to restore data from its backups. While the hackers threatened CDPR that they would leak the source codes of the popular games, along with the internal legal, HR, and financial documents, the Polish developer back then said that it won’t give in to the hackers’ demands even if they released the data to the public. It isn’t clear as to who has acquired the source codes and what they plan to do with the data.
While it’s a worrisome case, especially for the users, CD Projekt Red cites that systems containing personal information of its players and users weren’t affected.