CD Projekt Red game studio discloses ransomware attack, extortion attempt

The company behind games like Cyberpunk 2077 and The Witcher becomes the latest gaming studio to fall victim to a ransomware attack.

cd-projekt-red.png

Image: CD Projekt Red

Polish game developer CD Projekt Red, the maker of triple-A games like Cyberpunk 2077 and The Witcher series, has disclosed today a ransomware attack.

In messages posted on its official social media channels, the gaming studio said the attack took place yesterday when a threat actor gained access to the company's corporate network.

"Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data," the company wrote on Facebook and Twitter.

The game maker also published a copy of the attacker's ransom note, in which the hackers claimed they obtained copies of the source code for games like Cyberpunk 2077, Gwent, and The Witcher 3, along with an unreleased version of The Witcher 3 game.

cd-projekt-red-ransom-note.png

Image: CD Projekt Red

But despite the threat of a sensitive leak, the game maker said it wouldn't be paying any ransom demand.

"We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data," the company said.

"We are still investigating the incident, however at this time we can confirm that —to our best knowledge — the compromised systems did not contain any personal data of our players or users of our services."

The game maker said it already notified local authorities. This is also the second time the Polish company was hit by a ransomware gang. It fell victim to a similar incident in June 2017.

CD Projekt Red now becomes the fourth major gaming studio to fall victim to a ransomware attack over the past 12 months after attacks on Ubisoft and Crytek by the Egregor gang, and the attack on Capcom by the Ragnar Locker gang.

The attacker behind the CD Projekt Red attack has been identified as a ransomware gang going by the name of HelloKitty, according to an Emsisoft security researcher.

Article updated at 1pm ET with attack attribution.