Cyberpunk 2077 developer CD Projekt Red has revealed that it's been hit by a ransomware attack. The attackers reportedly stole source code for several CD Projekt Red games, as well as internal documents relating to certain departments within the company.
What did the hackers steal from CD Projekt Red?
The Cyberpunk and Witcher developer revealed that it had been hacked early this morning via Twitter. In a tweet, CD Projekt Red shared a readme file that had been left by the hackers. The unnamed group boasted that they had "dumped FULL copies of the source codes" for Cyberpunk 2077, The Witcher 3, Gwent: The Witcher Card Game, and an unreleased version of The Witcher 3. The group also says it has stolen documents relating to "accounting, administration, legal, HR, investor relations and more".
Important Update pic.twitter.com/PCEuhAJosR— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
In the note, the hackers say that if no agreement is reached for the return of the data, the stolen code and documents will be leaked online. However, in its official announcement letter, CD Projekt Red says it has no intention to give in to the hackers' demands. CDPR has also confirmed that to the best of its knowledge, the data doesn't contain players' personal information, nor does it pertain to users of any CD Projekt-related services including GOG. However, it's possible, perhaps even probable, that employee data has been leaked and is part of the ransomware attack.
What's next for CD Projekt Red?
In the tweet, CD Projekt Red says it's already secured its IT infrastructure and started the process of restoring the stolen data. The hackers even acknowledge that the studio is likely to be able to recover "from backups", which weren't affected by the theft. CDPR also says it's approached authorities including law enforcement and Jan Nowak, President of the Polish Personal Data Protection Office. The studio is still investigating the incident, so the full scope of exactly what's been taken remains to be seen. CD Projekt Red itself doesn't actually specifically confirm that the source code for the above games was stolen, but it doesn't refute or deny that, either. We'll have to wait and see what more develops.
This is the latest in a spate of ransomware attacks on prominent developers. Late last year, Capcom was the victim of a major ransomware attack that resulted in the leaking of huge amounts of internal data. Assassin's Creed and Far Cry developer Ubisoft was also hit by a ransomware group, with many assets including Watch Dogs source code allegedly stolen. It's worth noting that these attacks weren't all committed by the same perpetrator. The Ubisoft attack was carried out by a group calling itself Egregor, while the Capcom ransomware hit was perpetrated by a group using "Ragnar Locker" hacking tools. The group responsible for the CDPR attack has not been named.
How do you feel about this CD Projekt Red ransomware attack? Let us know in the comments below!