It is official: source code and a great deal of other sensitive data were stolen from CD Projekt RED's systems in a ransomware attack. CD Projekt did not respond to any of the hackers' demands, which is why they first leaked the GWENT code and then started an auction for the rest of the "stolen goods". Now a buyer is said to have been found, and the sale amount is reportedly over a million dollars. That is what the latest information tells us, but what is actually behind it?

The website vx-underground kept its followers updated on Twitter. It reported early on the supposed auction of CD Projekt's data, which was offered through the forum EXPLOIT. The starting bid was said to be $1 million, and there was also a buy-it-now price of $7 million. vx-underground considered the auction to be genuine. Those who wanted to bid had to deposit 0.1 Bitcoin on the forum beforehand to confirm the authenticity of their bids.
The authenticity of this auction was also confirmed to The Verge magazine by cyber intelligence firm KELA, which pointed to the 0.1 BTC that had to be deposited. The previous leak of the GWENT and RedEngine code was probably meant to prove that the data being sold was real.
Both KELA and vx-underground then reported on February 11 that the hackers running the auction had received an "offer from outside, which made us happy." So it is now assumed that some person (or company) must have paid over a million dollars to get their hands on this highly sensitive and quite valuable CD Projekt data.

A NEW TREND
But there is reason to be skeptical that a supposed outside buyer suddenly cut the auction short and caused it to be closed. "There is another, more likely scenario: there is no buyer at all and closing the auction is simply to save face for the hackers after they botched monetizing the attack against CD Projekt after CD Projekt wouldn't pay a ransom amount," Emsisoft threat analyst Brett Callow wrote in his blog post.
"We have seen such behavior in the past. REvil, a ransomware group that threatened to release data dangerous to Donald Trump. Even though the hacked law firm did not agree to pay the ransom to prevent a leak, the information was never released. The hackers simply claimed they sold it."
Suspicions among experts, meanwhile, are hardening that the HelloKitty ransomware group is behind the attack. The group has already been responsible for various attacks over the past year, on Brazilian energy company CEMIG and many others. Among them, for example, is a [presumably hospital, editor's note] of the United Kingdom.
So now they were targeting the raw code of CD Projekt's games. This source code is like the secret ingredient of the Krabby Patty: extremely valuable to the developers. So much so that a German hacker was once raided and arrested by police officers in 2003 for leaking the Half-Life 2 source code.
The CEO of IT security firm Databarracks, Peter Groucutt, said this type of "double extortion" ransomware attack (stealing data and encrypting it at the same time) will become an ever greater threat to large companies with intellectual property. In the past, Groucutt said, ransomware attacks were designed more to "paralyze" companies, but victims with "robust" backups could restore their data without paying anyway.
It has also been shown that the total number of ransomware ransoms paid dropped slightly in the fourth quarter of 2020, after increasing steadily before. This is also because more and more companies are resisting paying a ransom. So the danger is slowly shifting: the data is now being leaked publicly, even if the hackers actually wanted money for decrypting it.

Final Opinion
CD Projekt has been the victim of a ransomware attack that has nothing to do with the company's actual past. They weren't hacked because they released what, for many, was a disappointing game. Not because any gamers felt cheated. But only because they were a lucrative target in a changing ransomware movement that is now focusing more on intellectual property, rather than hacking hospitals to exert pressure.
It is unlikely that the hackers could actually make that kind of money. It is unlikely that CD Projekt will end up taking a big hit. They will be able to recover from this. Hopefully, because the small developer who spent years working hard on this code doesn't deserve to lose his job over this. Nor does he deserve people on Facebook and Twitter now writing that "CD Projekt RED" deserved this. Deserved criticism, yes, that's what CD Projekt's management deserves most of all: showing, as a gaming community, that you just can't release a game two years too early. But a ransomware attack? Approving of it? No.