The gaming firm CD Projekt Red, which developed popular games like Cyberpunk 2077 and The Witcher series, has suffered a ransomware attack.
The attack took place on February 8, a threat actor breached its corporate network and encrypted some of its devices.
“Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.” reads a statement published by the company.
“An unidentified actor gained unauthorized access to our internal network, collected certain data belong to CD PROJEKT capital group and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data,”
According to BleepingComputer, the attack was conducted by a ransomware group named HelloKitty, which claimed to have stolen copies of the source code for popular games like Cyberpunk 2077, Gwent, and The Witcher 3.
Emisoft’s expert Fabian Wosar confirmed that the systems of the game maker were infected with a ransomware strain dubbed ‘HelloKitty.’
The group also claims to have obtained a copy of an unreleased version of The Witcher 3 game.
CD PROJEKT RED reported the incident to the police and relevant authorities, including the President of the Personal Data Protection Office, it also hired IT forensic specialists to investigate the intrusion.
The gaming firm confirmed that it wouldn’t be paying any ransom demand.
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” the company adds.
The company revealed that the compromised systems did not contain players’ personal data.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, CD Projekt Red)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.