CD Projekt Red does an about-face, says ransomware crooks are leaking data
Data taken in breach disclosed in February likely related to employees and contractors.
CD Projekt Red, the maker of The Witcher series, Cyberpunk 2077, and other popular games, said on Friday that proprietary data taken in a ransomware attack disclosed four months ago is likely circulating online.
“Today, we have learned new information regarding the breach and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet,” company officials said in a statement. “We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games.” . . .
Shortly after CD Projekt Red’s initial disclosure, researchers said they uncovered data showing that source code for games including Cyberpunk 2077, Gwent, and The Witcher 3 had been put up for auction with a starting bid of $1 million.
A separate team of researchers reported that the auction had been closed after a buyer outside of the auction forum had offered a price that was acceptable to the sellers. The price was never disclosed. There’s no proof a sale actually went through, though, and some researchers have speculated that when no buyer emerged, the sellers lied to save face.
Researchers say that the CD Projekt Red breach was carried out by HelloKitty, a little-known ransomware group that some researchers refer to as DeathRansom.
From the beginning, the game maker has steadfastly refused to pay or even negotiate with the ransomware operators. That stance is admirable, although it’s much easier to take when victims can quickly rebuild their networks using backups, as Projekt Red was. Even then, there are prices to pay, as the game maker is finding out first-hand.
No comments:
Post a Comment