CD Projekt Ransomware Hack Severely Disrupts Work on Cyberpunk Updates (bloomberg.com) 93
CD Projekt SA said Wednesday it will delay a promised update to the much-criticized role-playing game Cyberpunk 2077, pinning the blame for its slow progress on a recent security breach. From a report: What the Polish publisher didn't say is that most of its employees have been locked out of their workstations for the past two weeks, according to people familiar with the matter.
The work stoppage is the result of a ransomware attack disclosed on Feb. 9. The extent of the disruption, which hasn't been previously reported, poses a major setback to CD Projekt's attempt to rescue a game in desperate need of repairs. CD Projekt has said it refused to pay a ransom to the hackers. As a result, employees remain unable to log onto the company's virtual private network, making it impossible to access the systems and tools needed to do most of their jobs, said the people, requesting anonymity because they weren't authorized to talk publicly. Although some CD Projekt employees are working from the headquarters in Warsaw, the majority are at home due to the coronavirus pandemic.
Re:Cyberpunk is unsalvageable (Score:5, Interesting)
I'm having a great time with it (on PC). I've put about 75 hours into it. I didn't consume much of the pre-release hype media, so I'm blissfully unaware of features that were promised or implied that we didn't get. I've seen the occasional goofy visual or physics bug. The other day, when I loaded a game, it spawned two identical pedestrians in front of me. But these aren't game-wrecking issues for me, nor have I run in to any bugs that prevented me from accomplishing goals in the game.
I gather that console players have more to be upset about, but from my perspective, the game is not unusually buggy for a title of its scope today. (I wish we could expect even less buggy games, but I remember, in the bad old days, having to order a whole new set of floppy disks from Sierra for a game they shipped unplayably broken.)
Re: (Score:3)
" it spawned two identical pedestrians"
While living in student dormitories, the real world sometimes spanned two identical twin brothers in front of me... Didn't thought it was a bug at the times, but now that I think about it...
Re: (Score:2)
Sometimes they even go for a drive together!
https://i.imgur.com/JW0VzOJ.jp... [imgur.com]
Re: (Score:1)
Re: (Score:2)
the game is not unusually buggy for a title of its scope today.
I have to say I disagree. Maybe not it's fine, but titles of its scope today usually do not have multiple horrible game breaking bugs. I actually really enjoy this game and have sunk 100 hours into it. Even better now with mods. But on release there were multiple serious crashes, there were multiple in game glitches that made progress in the game impossible without loading earlier saves and well into mid January there were quests which outright could not be finished, they simply didn't function as events we
Re: (Score:2)
" But there are almost no games that have outright "game breaking" bugs in their main quests, and very few in pre-designed side quests"
Except anything from Bethesda ;)
Re: (Score:2)
I appreciate the sentiment, but I don't think that even Fallout 7fucking6 had game breaking bugs. Sure it was buggy as fuck, unbalanced, horrible engine issues with the graphics, boring beyond all belief, clearly not at all a good....
I cut myself short. Now I remembered several people were able to launch the end game at the same time and crashed all the multiplayer servers. Yeah... that was a game breaking bug in the most fundamental sense XD
Re: (Score:1)
Even console players don't have an issue on current gen (Xbox Series X / PS5), it's only last gen players that got screwed.
So all in all the game is absolutely fine for everyone except last gen console players. CDPR's only mistake was even bothering to cater to them, if they hadn't and had just made this a current gen / PC only project and released the exact same thing it would be seen as a stellar success; the only thing bringing it down is the botched last gen release and the (understandable) noise coming
Investors (Score:2)
CDPR's only mistake was even bothering to cater to them, if they hadn't and had just made this a current gen / PC only project and released the exact same thing it would be seen as a stellar success; the only thing bringing it down is the botched last gen release and the (understandable) noise coming from those folks.
But to function as a company and actually release a game, CD Projekt needs money, some of which will come out of investors.
Who will incist that CDPR needs to release the game on every singly last platform under the sun.
CDPR has two choices:
- explain to the investor why, but risk the investor walking away, saying "but look them numbers! Xbox One and PS4 are insanely popular platforms !" and lose money immediately.
- say "sure yes", do some minimal enough attempt at porting to last gen consoles
Re: (Score:1)
So YOU'RE the one who bought the source.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It has worse mechanics than games from 2004, FFS.
Maybe you like it that way, good for you.
Re: (Score:2)
There are foundational parts which are FUBAR
Examples? Be specific please. I mean bugs aside the game is playable and for many quite enjoyably. I suspect you're talking out of your arse.
Re: (Score:2)
No car AI, just preset pathing.
No police chasing.
No wanted levels.
No NPC AI, just preset pathing. Two reactions for shootouts: cower indefinitely or run away.
No police AI.
Cars wait indefinitely when you stop in the middle of the road.
Police spawns out of thin air, even in enclosed spaces.
If you like a game with those shortcomings, your quality bar is very, very low.
Re: (Score:1)
> No car AI, just preset pathing.
Who gives a shit? "Oh no, that red shitbox doesn't have an AI controlling it wanting to go to the next part of town, when I'm going in a completely opposite direction and will interact with it for literally half a second" Also, the blue shitbox I'm going to ram out of my way / pass doesn't want to go to a specific place when I also interact with it on the road for two seconds. Let me wail and gnash my teeth!
> No police chasing.
Again who cares? Just because they don't g
Re: (Score:1)
Who gives a shit? "Oh no, that red shitbox doesn't have an AI controlling it wanting to go to the next part of town, when I'm going in a completely opposite direction and will interact with it for literally half a second" Also, the blue shitbox I'm going to ram out of my way / pass doesn't want to go to a specific place when I also interact with it on the road for two seconds. Let me wail and gnash my teeth!
When you stop in the middle of the road and all cars with all drivers in them just wait until the end of time, you start giving a shit, especially when you know this game mechanic first appeared 15+ fucking years ago. It's not a new game mechanic.
Maybe you enjoy playing with a polished turd just as well. Good for you.
Again who cares? Just because they don't get in a car and chase you doesn't mean they don't network and even ones outside of visual range that you come upon when you have at least one wanted level won't try to shoot you. Which leads us to the next fun bit...
Actually they don't really chase you. You hop in a car and drive away, and you don't even have to drive too far. Again, a game mechanic which exists for a looong time, but somehow is missing fr
Re: (Score:1)
More blathering shit, proving YOU were stupid enough to buy into tons of fan based hype on an unreleased game
You know what else has technology from decades ago? My car, my refrigerator, my washing machine, and myriad other things that can be listed to infinity. Stupid "smart" appliances are an unneeded gimmick. If it works, and doesn't negatively impact my life, why the fuck would I want something new and completely untested?
What benefit would all this shit you are whining about give me in the game? Other than chewing through CPU like it's going out of style, making everything run hotter than a Prescott with a sto
Re: (Score:1)
Are you usually so unneededly aggressive, or did I touch a sensible spot? Are you desperately trying to justify your fanboyism or the fact you paid 60 bucks for a half-assed developed game? Or both? I wonder...
Anyway...
You know what else has technology from decades ago? My car, my refrigerator, my washing machine, and myriad other things that can be listed to infinity. Stupid "smart" appliances are an unneeded gimmick. If it works, and doesn't negatively impact my life, why the fuck would I want something new and completely untested?
I believe I already mentioned other games in a similar vein did have the same features implemented in the past, some as much as 15 years before Cyberpunk 2077, we're not talking about anything new, innovative, unseen before. Therefore I have no clue what your angle is.
What benefit would all this shit you are whining about give me in the game? Other than chewing through CPU like it's going out of style, making everything run hotter than a Prescott with a stock cooler. None. That's what.
See point 1. Games from
Re: (Score:1)
Nice list. Let's go through them.
> Pathing: A mod has already demonstrated that AI based path deviation is easy to implement, it hasn't been released due to it being unstable but clearly this isn't foundational.
> Police chasing: Actually this is part of the foundation. If you simply spawn a police car while you have a wanted level they will chase you, shoot at you from the window, and get out of the car and chase you on foot. I.e. the foundation of the game does what you want. There's a mod available
Re: (Score:1)
1. Pathing not released after being promised, touted and hyped, after 8 years of development? Because it's "unstable"? Hmmm. Okay.
2. Police chasing happens for a limited distance, then your wanted level suddenly drops to zero. Certainly not something you would expect in a futuristic game.
3. Wanted levels are useless unless point 2 is fixed.
4. Applying AI to all NPCs happened in a lot of similar games, even games released by CDPR themselves. And guess what, it was not performance crippling at the time, and c
Re: (Score:1)
Re: (Score:1)
He's pointing out there's nothing wrong with the game engine, despite his initial claims and instead proving that he got suckered in to the hype and is crying that not 100% of the features developers promised in the past 7 years made the final cut. He's up in arms because he's a spoilt brat.
Re: (Score:2)
Oh, just shut the fuck up. You can't have a normal conversation without resorting to name calling. So fuck off, troll.
Re: (Score:2)
Mainly because it was overpromised and underdelivered.
Also because 10-year-old games have a better police system.
But if you are OK with being lied to (or if you don't care that potential customers have been lied to, in case you weren't following the game's announcements), you wouldn't see it, and it wouldn't bother you. Maybe it's what CDPR betted on, and by the looks of it, they won that bet.
Re: (Score:1)
1. Pathing not released after being promised, touted and hyped, after 8 years of development? Because it's "unstable"? Hmmm. Okay.
I know reading comprehension is hard, but try again. Pathing has been shown by a modder, hacked together in a few weeks and it's unstable.
As to the rest of your points:
2. Moved goalposts, but also fixed easily by a mod.
3. Fixed by mods
4. No you simply have no idea how games work.
5. Who cares. You're just moving the goalposts
6. Doesn't matter if it was implemented. That's not what is being discussed, stop trying to move the goalposts.
7. Fixed by a mod, again stop trying to move the goalposts.
How about vendor interaction? Empty cars going in circles over and over again? NPCs driving motorcycles? And so on.
Good question.
Th
Re: (Score:2)
I'm not saying it should be thrown, I'm saying that altering the game in such a way that all promised features would be there and work as intended is a huge endeavor, so huge, in fact, that it would take several years to get there. And this is not the kind of game worth that amount of effort, except maybe if they introduce paid DLCs, and that's a bad idea for different reasons.
And I'm not moving goalposts. Those goalposts were announced by CDPR, some of them years back, and promised to be in the game. There
Re: (Score:2)
It is highly unlikely that Cyberpunk is unsalvageable, you figure out the game-breaking bugs and most common bugs and fix those, the likelihood is most people are experiencing the same bugs. Sounds like a lot of people are enjoying the game regardless.
CDPR probably have a very profitable new franchise here if they can iron the kinks in the game engine and/or creation process out.
The big question is do CDPR have good back-ups of everything? Because re-establishing VPN links shouldn't take 2 weeks to do so I
Re: (Score:2)
That's the thing, see, it's not the bugs. It's the core game mechanics being problematic.
Cars have preset paths and no AI.
Pedestrians have preset paths and behaviors and no AI.
You can't interact with food vendors (for example).
Police has no chasing AI.
Police has no pathing, spawns directly behind you no matter where you are, e.g. if you're in an enclosed area with only one entry, they materialize inside the area, out of thin air.
Have you seen NPCs driving a motorcycle? No. They can't.
These are just some of
Re: (Score:2)
Fair enough, less tech savvy people wouldn't know how to put it when they see that stuff but it can certainly make for less immersive gameplay. I've heard about the lack of sensible police spawning before, that does sound sucky.
Re: (Score:2)
Well, Final Fantasy 14 and No Man's Sky did exactly that and came out fine...
Re: (Score:2)
The problem is in No Man's Sky there's an endless amount of planets to visit, plants and animals to scan, bases to build, missions to accomplish.
Cyberpunk 2077 is a relatively short game, with low replayability.
Desperate need of repair (Score:4, Insightful)
What really is in desperate need of repair is the people who make this claim. The game was great and worth full price on PC. They should never have released it for ancient consoles.
Re: (Score:2)
Either your quality bar is very, very low, or we're talking about different games altogether.
Re: (Score:3)
Re: (Score:2)
Its game. The test is are you having enough fun you feel like you are getting your monies worth or is the experience being ruined by frustration not related to intentional game play elements.
I am not suggesting software houses making games should be given a total pass on quality issues by any strech but we are not calculating the interest on your retirement fund here, it really is ok if an NPC gets stuck in a wall once in a while, its less ok if the player gets stuck in a wall.
my advice: Take off the jewele
Re: (Score:2)
They hyped the game and promised a plethora of game mechanics and behaviors which simply didn't materialize.
Objectively speaking, compared to what CDPR promised, the game is at 30%, with many core mechanics missing altogether.
Watch this, it explains things in great detail: https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
You're more than welcome to your opinion, but so was the person you replied to. You don't need to be a dick just because they liked the game.
Re: (Score:2)
It's not a matter of opinion. Opinion is when you like Picasso and I don't. That's opinion, because it's based on subjective data.
Missing or simplified Cyberpunk 2077 features is a matter of what was clearly announced and promised versus what came out in the end.
Car analogy: if you're promised a 2020 supercar but are in fact given a 1995 small family car for the same premium price, you would be pissed. Hell, you would sue the maker for false advertising. But look, "average" people would be happy with it any
Re: (Score:2)
Re: (Score:3, Informative)
You're right. It would've been a much better game if the budget was cut 70%. That's about the split of revenue (30% PC, 70% console) - at the absolute best, it was 50-50 (but likely not - CDPR doesn't do DRM so it will be heavily pirated on PC), so without consoles, half your revenue is gone. The game's budget would've been cut by at least half.
They couldn't release on next gen consoles because few people had the units - it would barely make a blip on
Re: (Score:3)
This is an interesting argument. But it's also a one that seems disconnected from reality, considering that Witcher 3 remains a massive seller to this day. On PC stores where its available.
In spite of DRM free state.
As opposed to countless "DRM'd to hell and back" games that get cracked a few months after release, and sell but a small fraction of its numbers.
Could it be that DRM is not a magical sales generator among those that don't buy games in general?
Re: (Score:2)
I never said DRM would cause more sales. I just said
Re: (Score:2)
Re: (Score:2)
"And they're still losing money on it"
Not if they fix it and convince people to give it a second chance (i.e. buy it and keep it).
Re: (Score:2)
CDPR doesn't do DRM so it will be heavily pirated on PC
That's a stupid statement. Firstly presales on PC were incredibly strong thanks to the hype around the game. And people who pirate simply because something has no DRM aren't the type of people to simply buy it when it does. That's a PC customer base which is completely insignificant.
Also interesting you claim a revenue split on consoles vs PCs and think that's somehow related to budget. There are many big budget PC titles that have no console equivalent. How do you think having it withdrawn from sale and re
Re: (Score:2)
Obviously not. Sure, if you are fan enough, you will overlook even severe defects. But not everybody has become a victim of the hype and hence completely irrational.
Re: (Score:2)
No fan boy here. I'm getting old, and my tolerance for games is getting lower. I was going to wait until it was on sale on Steam 2 years later, but my son bought it for me. I played it through, including all the side missions and replayed multiple endings. There were some visible bugs, but to me they were just funny, and not game-breaking. As an ambitious open world game that kept me engaged for 100 hours of much-needed escaped, it was well worth the money.
Re: (Score:2)
Well, nice for you. But calling people that see this differently defective is pretty much overboard.
Re: (Score:2)
I am sorry for that. It wasn't meant to be that serious. I was cranked up and just fighting exaggeration with exaggeration in my mind, and it could have been way better stated. The usual rule applies: Take your time when replying to things...
Re: (Score:2)
Ah. In that case I am sorry too, because I did not notice this effect. I have made that mistake too in the past.
Re: (Score:1)
I prefer steampunk. (Score:4, Funny)
Re: (Score:2)
I'm waiting for gothpunk, rockpunk, medievilpunk and punkpunk.
Re:Guffaw (Score:5, Insightful)
Re: (Score:2)
The issue is, how you admit each and every employee back to the network clean slate without reinfecting it again.
Theoretically, if you pay up, it should just go away (if the ransomer is good on its word and the world is powered by fairy unicorns). Practically, in a shop where most of the work (due to pandemic) is done via VPN this is a nightmare scenario. You might as well ship every employee a new PC. Even for the spec you need to visuals in a game like that, it will probably be cheaper than
Re: (Score:2)
Rumor has it that even their backups were compromised and they paid the ransom in order to get the source back.
I would love to see something that substantiates this rumor but I'm not holding my breath for CD Projekt to clarify it.
Re: (Score:2)
If your "backups were compromised", then you had nothing more than a clone of yesterday's data, which could already have been bad. Backups aren't about oops a hard drive died, you need to keep backups of at least once a month for a year at the laziest. Backup tapes are much cheaper than having to deal with losing all your data.
Oh, and you have to test restoring the data too. Unreadable backups are more useless than ransomware-locked files.
Re: (Score:2)
100% Agreed!
I'm not sure if this is just sheer incompetence on CD Projekt or what. Isn't this like basic IT 101 stuff? LOL. I mean :-(
Re: (Score:2)
kudos to them for not paying the ransom. (in some states it's actually illegal to pay a ransom)
All you're doing is funding the group that hacked you, leading to them having more resources to hack more people. In exchange for your convenience, you're making the problem worse for everyone, including yourself. (it's not unheard of for the same group to be ransomed more tha once because they failed to tighten their systems or didn't get all the back doors cleaned out)
It's times like this where you have a Come
Re: (Score:2)
Re: (Score:2)
No. "gross negligence" is not forgivable in a business environment. This was not a mistake, this was negligence.
And this wasn't just one mistake. Network security is all about "defense in depth". Firewalls, security monitoring, desktop security, password policy, user education and training, backups, etc. There's a list of things they did wrong to get where they are. Without even being told what they did, I can assure you it's a long and cringe-wort
Re: (Score:2)
thank you cdpr (Score:5, Insightful)
My thanks to CDPR and Bombardier and every other company taking a stand and refusing to accede to these criminals.
It's painful but it's good for society.
Hopefully it will lead to fewer incidents, and greater risks by the miscreants that makes it easier to track them down and remove them from the internet.
Re: (Score:2)
If ransomware becomes unprofitable due to people not paying the ransom, they will use other methods to try and profit.
Perhaps threatening to disclose rather than encrypt the data.
Perhaps selling data or access to others (eg competitors).
Ransomware is very blatant, once someone receives the ransom demand they know they've been compromised and will immediately start investigating and trying to cut off access. If an attacker does nothing to draw attention however, they might be able to retain access for months
Re: (Score:3)
Perhaps threatening to disclose rather than encrypt the data.
Already happening.
https://www.theregister.com/20... [theregister.com]
Perhaps selling data or access to others (eg competitors).
Already happening.
https://www.forbes.com/sites/l... [forbes.com]
. If an attacker does nothing to draw attention however, they might be able to retain access for months or years undetected.
Already happening.
https://www.csoonline.com/arti... [csoonline.com]
Re: (Score:2)
This is something most people forgot. People who made a career being criminals have a very specific toolkit. When one way of making money available, the primary way to continue making the ends meet is to use this same toolkit in different ways, not to start building a different toolkit.
It's like when FBI actually managed to largely dismantle cartel networks to the point where it started threatening the flow of cocaine, cartels began to diversify into human kidnapping and ransom, and human trafficking and gr
Forget Cyberpunk. (Score:2, Interesting)
Re: (Score:2)
A question for the professionals on Slashdot (Score:2)
OK, so CD Project may have been pushed over the edge by a combination of their own buggy design and a ransomeware attack. There will be planty of discussion of this on other threads.
But, if the company you are working for was hit by a ransomeware attack what would be the likely outcome?
1) We'd go down the pan faster than a greasy turd
2) We'd probably survive, but it would be hard
3) We could rebuild everything in a weeks or two.
4) Isolate our primary DC then restore backups on the DR site in priority order.
5
It can take ages to recover (Score:2)
Re: (Score:2)
Yep, especially if people keep booting infected machines on the network. So the first task is to close all network ports and wifi routers so that only verified clean machines can join the network. After that you can start thinking about recovery.
The next task it to assign someone as management liaison. There is going to be a lot of shouting and yelling from people who don't understand what just happened. Find someone with the hide of a rhino and enough technical knowledge to explain the updates from the IT
Role-Playing Game? (Score:2)
On a computer? I think not. What you have there, mate, is a load of badly written scripts for NPCs and some graphics. An RPG would need to have a serious crack at the Turing Test.
They have not recovered after 2 weeks???? (Score:2)
Have they ever heard of DR and BCM? Apparently not. A sane set-up may need a few days, but after that it will be up and running again. Of course, that requires preparation ans some actual understanding of IT security. I guess there is no time for that when you do long-term "crunch"...
Re: (Score:3)
I have rarely seen procedures to rebuild from scratch or continue in "limp mode" if something goes wrong, let alone training staff on these procedures with fire drills. Years ago I was part of a team doing a Y2K assessment on a telecoms provider, and we found such large gaps in procedures and documentation that management decided to produce such rebu
Re: (Score:2)
I am aware. Basically only regulated industries really have these and there what they have is often not good. Like "DR Preparations done in 2018, Last DR test: Pending" (i.e. they never tested anything and in this case, DR involves a move to a different cloud...) like I had a few weeks back with one insurance company.
Interesting times.
Re: (Score:2)
These days there is even LESS reason NOT to be doing that sort of thing, atleast for the important stuff.
All the infra is built and maintained from code. If you go down the cloud route then you're talking terraform (or similar) for the infra. Ansible or similar for the App/System config all stored in source control. If you're not going down the cloud route then PXE booting is still a thing.
You want a new site, fine, let me change a few config values and I'll re-deploy everything. All of that should have r
Re: (Score:2)
These days there is even LESS reason NOT to be doing that sort of thing, atleast for the important stuff.
Indeed. These things have gotten massively easier to do. There still may be surprises (like some feature having to be done differently in a different cloud or, other real-world example, some company never considering that restoring > 10'000 laptops from images simultaneously actually requires I/O and network _bandwidth_ to be there and more than one person to talk users through it), and hence you do realistic tests. Before you do a realistic test you have no idea whether it will work and what manual task
Re: (Score:2)
DR - Disaster Recovery
BCM - Business Continuity Management
Most DR arrangements include a second site which can take over if the primary site is down. The problem is that the DR site usually keeps a mirror of the primary site. So if your primary site is trashed by a ransomware attack the DR mirror is also trashed. In that event you shut down primary, and rebuild from backups on the DR site. That leaves the primary site available for forensic investigation and data recovery while the business runs off the DR
Re: (Score:2)
I don't know, but if you have NB and TTFB you shouldn't have to worry too much.
Just bought a copy (Score:1)
I don't care about the current quality of the release I just wanted to support a company that doesn't give in to ransomware attacks. Maybe they could have better shielded themselves or maybe not, but the less people that give in the better.
Irony (Score:2)
kind of ironic that a company that puts out a (horrid) game about cyberpunks got pwned by real life cyberpunks.
Does not compute? (Score:2)
Your code is stored on a git server somewhere.
Your documents, pictures, videos,
Your development tools are downloadable from the vendors or from the distro repos
Your operating system ISO is available from hundreds of mirrors or from the vendor
Why in the world would a randsomware attack have more than a few hours of disruption? Sure you'd lose what you haven't pushed yet
Re: (Score:2)