
CD Projekt Red Game Studio Discloses Ransomware Attack, Extortion Attempt (zdnet.com) 45

Polish game developer CD Projekt Red, the maker of triple-A games like Cyberpunk 2077 and The Witcher series, has disclosed today a ransomware attack. From a report: In messages posted on its official social media channels, the gaming studio said the attack took place yesterday when a threat actor gained access to the company's corporate network. "Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data," the company wrote on Facebook and Twitter. The game maker also published a copy of the attacker's ransom note, in which the hackers claimed they obtained copies of the source code for games like Cyberpunk 2077, Gwent, and The Witcher 3, along with an unreleased version of The Witcher 3 game. But despite the threat of a sensitive leak, the game maker said it wouldn't be paying any ransom demand.


  • by nagora ( 177841 ) on Tuesday February 09, 2021 @09:14AM (#61043702)

    They were clearly blackmailed into releasing CP'77 before it was finished.

    • I'm actually hoping someone else can finish it now that it's been open sourced. Beyond bugs it seems like the game has a lack of features and mechanics to make the game interesting. It will be easier to fundamentally change and upgrade it with the source.

  • Good on them (Score:4, Insightful)

    by JeffOwl ( 2858633 ) on Tuesday February 09, 2021 @09:16AM (#61043712)
    For not paying the ransom.
    • One of the pros of making DRM-free software: people will buy it out of sheer commitment to good service, and an early leak will have little impact since the same people would rather play it when officially available instead.

      Also, they may just release any game the attacker has copied shortly after any public leaks from the attacker, rendering his leak useless.

    • It is nice to know there is at least one company that won't be contributing money towards attacks on hospitals and vital infrastructure.

  • when it was just really expensive, without the quality?

    • Yes. It was budgeted, marketed, developed, and sold as such. This is the standard they set for themselves. They failed. It happens.
      • "AAA" is more of a marketing category than a good descriptor of a game. "AAA" tells you that it stars Keanu Reeves, has high poly counts and raytracing, and costs as much as a Hollywood blockbuster. Much like the blockbuster, quality is optional.

    • AAA doesn't hold a defined meaning and the big devs would fly into absolute rage if a governing body tried to define it, so any game can be called AAA.

    • by vux984 ( 928602 )

      Wait, have you played many other triple AAA games? Lots of them were terrible bug ridden messes, especially at launch.

  • Imagine that, just having proper backups makes the ransom demands fail. While restoring data/programs takes time and money, big ransom demands fall flat if you have proper backups.
    • Re:Backups (Score:4, Insightful)

      by Mascot ( 120795 ) on Tuesday February 09, 2021 @09:59AM (#61043862)

      It's worth pointing out that you also need to ensure your backups are secured so that the ransomware cannot get those as well.

      When we migrated away from tape based backups, we overlooked this for a while before correcting the mistake and isolating the backup server and storage. I doubt we're the only ones. In our case, no harm done, but that's just down to luck.

      • Do any of the NAS solutions out there come with a WORM OS, so you can write but never erase the older copies?
        • That is write newer files, but can't erase the older versions?
        • Just remember that mirroring is not backups.
          If you have a job that uses something like rsync to copy from one NAS to another you will end up overwriting a good copy with a bad copy.

          One way that might help is thinking of backups as a pull not push.
          Have the NAS that holds your backups be able to connect to the other servers to pull backups but limit access to this NAS so that you only log in to it with different credentials when you need to restore.

          You could go for a mirror then snapshot strategy where the sec
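
The mirror-versus-backup point from the comment above, as an added Python example that is not part of the original thread: a push-style mirror is compared with snapshots pulled by the backup host, where older snapshots are never rewritten. The directory names, file contents and snapshot dates are constructed for illustration, and the overwrite in `demo()` merely stands in for a file being damaged on the source.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

def digest(p: Path) -> str:
    return hashlib.sha256(p.read_bytes()).hexdigest()

def mirror(src: Path, dst: Path) -> None:
    """Push-style mirror: the destination always equals the current source."""
    shutil.copytree(src, dst, dirs_exist_ok=True)

def pull_snapshot(src: Path, repo: Path, label: str) -> Path:
    """Run on the backup host: pull src into a new snapshot; older ones are only read."""
    older = sorted(p for p in repo.iterdir() if p.is_dir()) if repo.exists() else []
    snap = repo / label
    snap.mkdir(parents=True)
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src)
        target = snap / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        old = older[-1] / rel if older else None
        if old is not None and old.is_file() and digest(old) == digest(f):
            try:
                os.link(old, target)     # unchanged: share storage with last snapshot
                continue
            except OSError:
                pass                     # filesystem without hard links: copy instead
        shutil.copy2(f, target)          # new or changed content gets its own copy
        target.chmod(0o444)              # stored copies are read-only
    return snap

def demo() -> dict:
    root = Path(tempfile.mkdtemp())
    src, mir, repo = root / "fileserver", root / "mirror", root / "snapshots"
    src.mkdir()
    (src / "design.txt").write_bytes(b"original contents\n")
    (src / "notes.txt").write_bytes(b"meeting notes\n")
    mirror(src, mir)
    pull_snapshot(src, repo, "2021-02-07")
    # Constructed incident: a file on the source is overwritten in place.
    (src / "design.txt").write_bytes(b"\x00" * 32)
    mirror(src, mir)
    pull_snapshot(src, repo, "2021-02-08")
    good = b"original contents\n"
    paths = {"mirror": mir, "first_snapshot": repo / "2021-02-07", "latest_snapshot": repo / "2021-02-08"}
    result = {k: (d / "design.txt").read_bytes() == good for k, d in paths.items()}
    shutil.rmtree(root)
    return result

if __name__ == "__main__":
    print(demo())
```

Only the first snapshot still holds the good copy; the mirror and the latest snapshot both carry the overwritten file, which is why retention of older versions matters more than the copy mechanism.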

      • Comment removed based on user account deletion
        • by Mascot ( 120795 )

          The best approach to security might not be to suggest to someone with only rack mounted backup storage that they physically change it out weekly. :p

          My whole point was that we migrated _away_ from tape based backups, removing the ability to take the full backup off-site. Of course we designed around that fact so that we can recover in the unlikely event of the backup server being hacked or the building burning down.

          • Comment removed based on user account deletion
            • by Mascot ( 120795 )

              That would not protect against the building burning down, the cost/benefit analysis would not be too kind. It effectively would only speed up recovery in a scenario where the hardened and segregated backup server somehow got compromised and we had to rebuild from the more limited off-site backup. Granted, that is a more likely scenario than the building burning down, but it's still very unlikely and not deemed worth that kind of investment (the storage is by some margin the most expensive part of the setup)

  • at this point, I think it should be perfectly legal to find these kids and execute them in public. They've caused untold damage to hospitals and businesses already.

    Find them. Destroy them once and for all. Yes, I think a huge public spectacle needs to be made of them.

  • Great content. "Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data,"
  • I never quite got why source code would be particularly sensitive for such things. It's still under copyright. No serious studio is going to touch that with a 10 foot pole, and a few curious people poking at it isn't going to hurt anything anyway.

    So not a good thing to ransom, as I see it.

    • by malkavian ( 9512 )

      It's great for finding flaws that you can use to exploit. It's also great for finding "secret sauce" algorithms that solve some thorny problems (and once you see how it's done, it makes your own implementation that much easier to do).
      Source is at the heart of how things work, so it's very, very useful.

      • by vadim_t ( 324782 )

        Witcher 3 and Cyberpunk aren't multiplayer games, though.

        And yeah, I get it's useful, but from the point of view of extortion, I'm not seeing it.

        It's not going to do much to the sales of the game -- which come without DRM anyway, so might as well pirate the binaries.

        It's not going to do anything for licensing the code -- even if you can get your hands on the source it's not legal, so no sane studio is going to touch it.

        There might be some secret sauce in there, but nothing I heard so far suggests there's an

        • by dissy ( 172727 )

          The version of Red Engine used in Witcher 3 is already available to license.
          Customers paying for the engine already have the source code to that.

          Modders have both the red engine editor and other asset packing and extracting tools for some time now.

          Not only would no big dev studio touch a leaked version, as you said, but at the same time any dev studio could just license the thing and have the source that way.

          I don't know about Cyberpunk specifically, I thought I heard it is on a new version of their engine.

    • Who cares about the source code?

      The developers, when they don't have an uncorrupted backup, for one. The publishers, for whom copyright is nice, but you have to have the money to pursue a copyright case in order to enforce it. The players, who might want to see bugs in the code fixed.

      In this case, the studio has backups. That's not always the case.

    • I never quite got why source code would be particularly sensitive for such things. It's still under copyright. No serious studio is going to touch that with a 10 foot pole, and a few curious people poking at it isn't going to hurt anything anyway.

      So not a good thing to ransom, as I see it.

      If you have misappropriated someone else's copyrighted code, that will likely be evident if the original author examines your source code, even if you have removed his copyright notices.

      • They don't even need to examine the source code. Sometimes it's obvious just from common bugs. If a particularly nasty bug is present (and fixed by the original developer), seeing that bug or an eerily similar one in another product is a sign that that code has been lifted from your copyrighted product.
    • by Luthair ( 847766 )
      I'm not really sure about the state of piracy but it's probably a lot easier with access to the source. Plus as others have mentioned people can just yoink code, it would be pretty difficult to identify some smaller developer using parts of your source code.
      • It's DRM free so piracy will not benefit from source code access. Might help some mod makers though.
        • Might help some mod makers though.

          Mod makers generally do not touch source code leaks as they can end up in serious legal shit if they publish a mod that depends on the source code depending on where they are located.

          • That sounds dubious, you are not breaking any laws or any copyright by looking at code regardless of if it was released illegally, nor are you breaking any laws by using knowledge from that in making a mod. You have to copy pieces of the code into your own to infringe the copyright.
            • That sounds dubious, you are not breaking any laws or any copyright by looking at code

              Looking at it, no. Producing something with the knowledge obtained by looking at it, that will actually run afoul of laws in many countries. Mind you maybe I'm off base and don't have a clue, but modders are as well. There's a history of modders not touching source code for this very reason.

              • I think that it's the "creation of a derivative work" that you are thinking about, probably a legal unknown at this time as you say so yes they are perhaps best to keep their eyes away until it gets settled in court.
    • Maybe someone can fix all the bugs....
  • 1) It doesn't present the company with a SHRED of evidence they actually have anything.

    2) It's a pretty common version of the old "we have all your files and we know what you have been watching", you have 48 hours to comply etc...

    This is a pure phishing attempt - nothing else, they have ZERO stuff - at best, maybe a reverse engineered/reverse compile of some software, but that's something anyone worth their salt can do.

    CD Projekt Red has NOTHING to worry about, I've been receiving similar threats for YEARS

    • I'm not sure how you think they "fell" for it? They're not giving in to any demands. They've basically ignored it except for acknowledging the breach.

      It's not purely phishing when the attacker actually has read/write access to your servers. This isn't just some anonymous note they received.
      >"Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data."
      It appears you believed this was purely an ext
    • CD Projekt Red has NOTHING to worry about, I've been receiving similar threats for YEARS and nothing ever came out of it.

      I guess they are recovering from backups because suddenly finding your servers encrypted and contracting to digital forensics companies is just a normal Tuesday's business then right?

      Seriously did you read anything other than the headline? I wonder if you didn't waste so much time pointlessly posting shit how much you could have accomplished if you instead dedicated that time to simply reading the fucking summary.
