CDPR Breached in Cyberattack, Insists It Won't Pay Ransom

Game studio CD Projekt Red has been under a lot of fire recently for the messy Cyberpunk 2077 launch, and now it seems the company isn't getting a break. In a tweet, CDPR announced that it was subject to a targeted cyber-attack, compromising some of the company's internal systems.

The attackers claim to have obtained full source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased version of The Witcher 3, along with heaps of accounting, legal, admin, HR, and investor relations documents, and are threatening to send them to journalists if CDPR doesn't pay a ransom.

The attackers claim to have encrypted all the server's data, but CD Projekt Red is currently restoring the data from a backup, something the attackers apparently already anticipated.

CD Projekt Red says that it will not give in to the demands of the attackers, even if that means the data will be released. CDPR claims that to the best of their knowledge, no personal data of players has been compromised. CDPR is currently working together with law enforcement agencies to shed further light on the breach.

Niels Broekhuijsen

Niels Broekhuijsen is a Contributing Writer for Tom's Hardware US. He reviews cases, water cooling and PC builds.

  • Phaaze88
    Dang! Now you KNOW the company ticked off some people.
  • TimmyP777
    Something about this seems fishy. The old "terminology" and level of enthusiasm displayed in that text file just doesn't seem...
  • COLGeek
    Another good reason to have a robust backup plan. Paying ransom often results in one of two outcomes.

    The crooks take the money and run, with nothing unlocked.

    Or, since they were paid once, they ask for more (with nothing unlocked).

    The crooks are the only possible winners here.

    Lesson learned is to back up your stuff.
  • cryoburner
    COLGeek said:
    Lesson learned is to back up your stuff.
    I'm sure they fully expected a company like this to have practically everything backed up anyway, so I kind of doubt they expected to get paid any significant amount of money to unlock the files. The ransom in this case would mostly be for not releasing that data to the public. If there was stuff in those files that the company really didn't want revealed, it might potentially consider paying.
  • GenericUser
    COLGeek said:
    Another good reason to have a robust backup plan. Paying ransom often results in one of two outcomes.

    The crooks take the money and run, with nothing unlocked.

    Or, since they were paid once, they ask for more (with nothing unlocked).

    The crooks are the only possible winners here.

    Lesson learned is to back up your stuff.

    This source here states that, in at least their sample size of 5,000 IT managers of companies that paid a ransom, 95% of them got their data back. It would be bad for business as a ransomware operator if none of them ever unlocked the data, because then nobody would bother paying a ransom for files they know they won't get back anyways.

    That being said, paying up only encourages more of the bad behavior because it proves that ransomware attacks are effective, so having a solid backup strategy is always a good plan, along with proper security.
  • SSGBryan
    Yet another example of why you should air gap your internal IT structure.
  • hotaru.hino
    SSGBryan said:
    Yet another example of why you should air gap your internal IT structure.
    Sometimes that's not viable. You still need external access to the internet and most people are going to need that. So do you buy two computers for everyone? And then you need a system in place to safely transfer files over the gap because it only takes one person who didn't actually scan that file they brought over for malware and whoops, now your internal network is compromised.

    Having an off-site backup system in place is cheaper and just as effective.
  • jkflipflop98
    SSGBryan said:
    Yet another example of why you should air gap your internal IT structure.

    Yeah, down here in reality that's not really an option most of the time. Doubly so in the Work From Home era.
  • SSGBryan
    I have air-gapped with a netbook.

    I am using an old HP workstation now.

    Doesn't have to be expensive, last gen hardware is perfectly fine for it.
  • hotaru.hino
    SSGBryan said:
    I have air-gapped with a netbook.

    I am using an old HP workstation now.

    Doesn't have to be expensive, last gen hardware is perfectly fine for it.
    How do you access a company's air-gapped network if they established a WFH mandate and all of your important work is on said air-gapped network?