CD Projekt Red game maker discloses ransomware attack

The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher, has disclosed a ransomware attack.

The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher series, has suffered a ransomware attack.

The company confirmed the security breach with a series of messages on its social media channels (Facebook and Twitter).

The attack took place on February 8, a threat actor breached its corporate network and encrypted some of its devices.

“Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.” reads a statement published by the company.

“An unidentified actor gained unauthorized access to our internal network, collected certain data belong to CD PROJEKT capital group and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data,”

According to BleepingComputer, the attack was conducted by a ransomware group named HelloKitty, which claimed to have stolen copies of the source code for popular games like Cyberpunk 2077, Gwent, and The Witcher 3.

Emisoft’s expert Fabian Wosar confirmed that the systems of the game maker were infected with a ransomware strain dubbed ‘HelloKitty.’

The group also claims to have obtained a copy of an unreleased version of The Witcher 3 game.

CD PROJEKT RED reported the incident to the police and relevant authorities, including the President of the Personal Data Protection Office, it also hired IT forensic specialists to investigate the intrusion.

The gaming firm confirmed that it wouldn’t be paying any ransom demand.

“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” the company adds.

The company revealed that the compromised systems did not contain players’ personal data.

Recently other prominent gaming firms were victims of a ransomware attack, including Ubisoft and Crytek (hit by Egregor ransomware gang), and Capcom (hit by the Ragnar Locker).

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CD Projekt Red)

[adrotate banner=”5″]

[adrotate banner=”13″]