Cyberpunk 2077 maker suffers ransomware attack
Attackers claim that they accessed source code for Cyberpunk 2077, Gwent, Witcher 3 and an 'unreleased version of Witcher 3'
CD Projekt Red, the developer of the Cyberpunk 2077 and Witcher 3 games, disclosed on Tuesday that it had become the latest target of a ransomware attack.
In a statement posted on Twitter, the Polish video game developer said that an unidentified actor was able to compromise some of its internal systems and gained access to sensitive data.
According to the company, the hackers encrypted some drives on the network and left a ransom note.
The attackers claimed that they had accessed the source code for Cyberpunk 2077, Gwent, Witcher 3 and an "unreleased version of Witcher 3". The group threatened to sell or leak the source code, along with internal accounting, HR, and legal documents, if the two parties fail to reach an agreement in the next 48 hours.
CD Projekt Red (CDPR) said it would not concede to ransomware demands or negotiate with the hackers.
"We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data," the firm said.
It added that all appropriate steps are being taken to mitigate the consequences of such a release.
The developer said it was investigating the incident and does not believe that any personal data of its players or users of its service was compromised in the incident. The company added that it would cooperate with law-enforcement agencies to investigate the cyber attack.
CDPR has been in the news recently for the troubled launch of its long-awaited Cyberpunk 2077 game.
According to the Verge, the game was released with numerous bugs, and that it is difficult to play the game on older consoles. The controversy has even led to class-action lawsuits, and the Polish government is currently investigating the development of the game.
Earlier this month, CDPR also acknowledged a security bug in Cyberpunk 2077 that allowed malicious code to be integrated into mods or crafted save files. The malicious code when executed provided the creator with the control of a user's machine.
The vulnerability was fixed last week after CDPR released PC hotfix 1.12 for Cyberpunk 2077.
The company said that hotfix 1.12 will "fix the buffer overrun issue" and will "remove/replace non-ASLR DLLs".