Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security

CD Projekt Ransomware Hack Severely Disrupts Work on Cyberpunk Updates (bloomberg.com) 93

CD Projekt SA said Wednesday it will delay a promised update to the much-criticized role-playing game Cyberpunk 2077, pinning the blame for its slow progress on a recent security breach. From a report: What the Polish publisher didn't say is that most of its employees have been locked out of their workstations for the past two weeks, according to people familiar with the matter. The work stoppage is the result of a ransomware attack disclosed on Feb. 9. The extent of the disruption, which hasn't been previously reported, poses a major setback to CD Projekt's attempt to rescue a game in desperate need of repairs. CD Projekt has said it refused to pay a ransom to the hackers. As a result, employees remain unable to log onto the company's virtual private network, making it impossible to access the systems and tools needed to do most of their jobs, said the people, requesting anonymity because they weren't authorized to talk publicly. Although some CD Projekt employees are working from the headquarters in Warsaw, the majority are at home due to the coronavirus pandemic.
This discussion has been archived. No new comments can be posted.

CD Projekt Ransomware Hack Severely Disrupts Work on Cyberpunk Updates

Comments Filter:
  • by Lije Baley ( 88936 ) on Thursday February 25, 2021 @04:11AM (#61098272)

    What really is in desperate need of repair is the people who make this claim. The game was great and worth full price on PC. They should never have released it for ancient consoles.

    • Either your quality bar is very, very low, or we're talking about different games altogether.

      • by Xenx ( 2211586 )
        Or their bar is only somewhat low and yours is too high. Given your other comment about it having a rotten core, I am quite comfortable saying your bar is too high. I would say the "desperate need of repairs" assessment is accurate, if it's being said honestly and without an emotional bias.
        • by DarkOx ( 621550 )

          Its game. The test is are you having enough fun you feel like you are getting your monies worth or is the experience being ruined by frustration not related to intentional game play elements.

          I am not suggesting software houses making games should be given a total pass on quality issues by any strech but we are not calculating the interest on your retirement fund here, it really is ok if an NPC gets stuck in a wall once in a while, its less ok if the player gets stuck in a wall.

          my advice: Take off the jewele

        • They hyped the game and promised a plethora of game mechanics and behaviors which simply didn't materialize.
          Objectively speaking, compared to what CDPR promised, the game is at 30%, with many core mechanics missing altogether.

          Watch this, it explains things in great detail: https://www.youtube.com/watch?... [youtube.com]

          • by Xenx ( 2211586 )
            That still doesn't change the fact that your opinion is much lower than the average opinion of the game. Thus, your bar is high. Their opinion was actually closer to the average opinion, but a bit higher.

            You're more than welcome to your opinion, but so was the person you replied to. You don't need to be a dick just because they liked the game.
            • It's not a matter of opinion. Opinion is when you like Picasso and I don't. That's opinion, because it's based on subjective data.
              Missing or simplified Cyberpunk 2077 features is a matter of what was clearly announced and promised versus what came out in the end.

              Car analogy: if you're promised a 2020 supercar but are in fact given a 1995 small family car for the same premium price, you would be pissed. Hell, you would sue the maker for false advertising. But look, "average" people would be happy with it any

              • by Xenx ( 2211586 )
                It was an opinion that you replied to. Of course it's a matter of opinion. End of conversation.
    • Re: (Score:3, Informative)

      by tlhIngan ( 30335 )

      They should never have released it for ancient consoles.

      You're right. It would've been a much better game if the budget was cut 70%. That's about the split of revenue (30% PC, 70% console) - at the absolute best, it was 50-50 (but likely not - CDPR doesn't do DRM so it will be heavily pirated on PC), so without consoles, half your revenue is gone. The game's budget would've been cut by at least half.

      They couldn't release on next gen consoles because few people had the units - it would barely make a blip on

      • by Luckyo ( 1726890 )

        This is an interesting argument. But it's also a one that seems disconnected from reality, considering that Witcher 3 remains a massive seller to this day. On PC stores where its available.

        In spite of DRM free state.

        As opposed to countless "DRM'd to hell and back" games that get cracked a few months after release, and sell but a small fraction of its numbers.

        Could it be that DRM is not a magical sales generator among those that don't buy games in general?

        • by tlhIngan ( 30335 )

          This is an interesting argument. But it's also a one that seems disconnected from reality, considering that Witcher 3 remains a massive seller to this day. On PC stores where its available.

          In spite of DRM free state.

          As opposed to countless "DRM'd to hell and back" games that get cracked a few months after release, and sell but a small fraction of its numbers.

          Could it be that DRM is not a magical sales generator among those that don't buy games in general?

          I never said DRM would cause more sales. I just said

          • While the industry often cites piracy for lack of PC support that's just a way of easily dodging the topic. The reality is more like PC development is harder and costs more because you have to engineer something that will work well on the least powerful hardware to give you a wide sales-base while also making sure that it has something to offer on high-end hardware or the reviewers and the hardcore-players will rate you to hell. Minimal effort ports generally don't do well on PC, the audience simply expects
      • "And they're still losing money on it"
        Not if they fix it and convince people to give it a second chance (i.e. buy it and keep it).

      • CDPR doesn't do DRM so it will be heavily pirated on PC

        That's a stupid statement. Firstly presales on PC were incredibly strong thanks to the hype around the game. And people who pirate simply because something has no DRM aren't the type of people to simply buy it when it does. That's a PC customer base which is completely insignificant.

        Also interesting you claim a revenue split on consoles vs PCs and think that's somehow related to budget. There are many big budget PC titles that have no console equivalent. How do you think having it withdrawn from sale and re

    • by gweihir ( 88907 )

      Obviously not. Sure, if you are fan enough, you will overlook even severe defects. But not everybody has become a victim of the hype and hence completely irrational.

      • No fan boy here. I'm getting old, and my tolerance for games is getting lower. I was going to wait until it was on sale on Steam 2 years later, but my son bought it for me. I played it through, including all the side missions and replayed multiple endings. There were some visible bugs, but to me they were just funny, and not game-breaking. As an ambitious open world game that kept me engaged for 100 hours of much-needed escaped, it was well worth the money.

        • by gweihir ( 88907 )

          Well, nice for you. But calling people that see this differently defective is pretty much overboard.

          • I am sorry for that. It wasn't meant to be that serious. I was cranked up and just fighting exaggeration with exaggeration in my mind, and it could have been way better stated. The usual rule applies: Take your time when replying to things...

            • by gweihir ( 88907 )

              Ah. In that case I am sorry too, because I did not notice this effect. I have made that mistake too in the past.

    • Comment removed based on user account deletion
  • by h33t l4x0r ( 4107715 ) on Thursday February 25, 2021 @04:24AM (#61098294)
    Not for everybody, but still the healthiest way to prepare punk.
  • thank you cdpr (Score:5, Insightful)

    by Cederic ( 9623 ) on Thursday February 25, 2021 @05:00AM (#61098334) Journal

    My thanks to CDPR and Bombardier and every other company taking a stand and refusing to accede to these criminals.

    It's painful but it's good for society.

    Hopefully it will lead to fewer incidents, and greater risks by the miscreants that makes it easier to track them down and remove them from the internet.

    • by Bert64 ( 520050 )

      If ransomware becomes unprofitable due to people not paying the ransom, they will use other methods to try and profit.
      Perhaps threatening to disclose rather than encrypt the data.
      Perhaps selling data or access to others (eg competitors).

      Ransomware is very blatant, once someone receives the ransom demand they know they've been compromised and will immediately start investigating and trying to cut off access. If an attacker does nothing to draw attention however, they might be able to retain access for months

      • by Cederic ( 9623 )

        Perhaps threatening to disclose rather than encrypt the data.

        Already happening.
        https://www.theregister.com/20... [theregister.com]

        Perhaps selling data or access to others (eg competitors).

        Already happening.
        https://www.forbes.com/sites/l... [forbes.com]

        . If an attacker does nothing to draw attention however, they might be able to retain access for months or years undetected.

        Already happening.
        https://www.csoonline.com/arti... [csoonline.com]

        • by Luckyo ( 1726890 )

          This is something most people forgot. People who made a career being criminals have a very specific toolkit. When one way of making money available, the primary way to continue making the ends meet is to use this same toolkit in different ways, not to start building a different toolkit.

          It's like when FBI actually managed to largely dismantle cartel networks to the point where it started threatening the flow of cocaine, cartels began to diversify into human kidnapping and ransom, and human trafficking and gr

  • Forget Cyberpunk. (Score:2, Interesting)

    by Rip!ey ( 599235 )
    Buy Valheim instead. Join the ranks of the Vikings. Low level cost, high level enjoyment.
  • OK, so CD Project may have been pushed over the edge by a combination of their own buggy design and a ransomeware attack. There will be planty of discussion of this on other threads.

    But, if the company you are working for was hit by a ransomeware attack what would be the likely outcome?

    1) We'd go down the pan faster than a greasy turd
    2) We'd probably survive, but it would be hard
    3) We could rebuild everything in a weeks or two.
    4) Isolate our primary DC then restore backups on the DR site in priority order.
    5

  • These ransomware attacks wreck every PC on the network and everything has to be rebuilt from scratch in a more secure form. On top of that, all binaries including assets, either checked in or not have to be validated & checked against backups that precede the attack to be sure that the attackers haven't put any backdoors. And all the servers, automated build systems, VMs etc. have to be rebuilt. And probably the company will have to send off all the harddrives for forensic analysis and get the cops invo
    • Yep, especially if people keep booting infected machines on the network. So the first task is to close all network ports and wifi routers so that only verified clean machines can join the network. After that you can start thinking about recovery.

      The next task it to assign someone as management liaison. There is going to be a lot of shouting and yelling from people who don't understand what just happened. Find someone with the hide of a rhino and enough technical knowledge to explain the updates from the IT

  • On a computer? I think not. What you have there, mate, is a load of badly written scripts for NPCs and some graphics. An RPG would need to have a serious crack at the Turing Test.

  • Have they ever heard of DR and BCM? Apparently not. A sane set-up may need a few days, but after that it will be up and running again. Of course, that requires preparation ans some actual understanding of IT security. I guess there is no time for that when you do long-term "crunch"...

    • Those are undervalued fields of endeavor. Not a profit center, so every year you'll hear the same question from some exec: "Why exactly are we doing this?"

      I have rarely seen procedures to rebuild from scratch or continue in "limp mode" if something goes wrong, let alone training staff on these procedures with fire drills. Years ago I was part of a team doing a Y2K assessment on a telecoms provider, and we found such large gaps in procedures and documentation that management decided to produce such rebu
      • by gweihir ( 88907 )

        I am aware. Basically only regulated industries really have these and there what they have is often not good. Like "DR Preparations done in 2018, Last DR test: Pending" (i.e. they never tested anything and in this case, DR involves a move to a different cloud...) like I had a few weeks back with one insurance company.

        Interesting times.

        • by nzkbuk ( 773506 )

          These days there is even LESS reason NOT to be doing that sort of thing, atleast for the important stuff.

          All the infra is built and maintained from code. If you go down the cloud route then you're talking terraform (or similar) for the infra. Ansible or similar for the App/System config all stored in source control. If you're not going down the cloud route then PXE booting is still a thing.

          You want a new site, fine, let me change a few config values and I'll re-deploy everything. All of that should have r

          • by gweihir ( 88907 )

            These days there is even LESS reason NOT to be doing that sort of thing, atleast for the important stuff.

            Indeed. These things have gotten massively easier to do. There still may be surprises (like some feature having to be done differently in a different cloud or, other real-world example, some company never considering that restoring > 10'000 laptops from images simultaneously actually requires I/O and network _bandwidth_ to be there and more than one person to talk users through it), and hence you do realistic tests. Before you do a realistic test you have no idea whether it will work and what manual task

  • by Anonymous Coward

    I don't care about the current quality of the release I just wanted to support a company that doesn't give in to ransomware attacks. Maybe they could have better shielded themselves or maybe not, but the less people that give in the better.

  • kind of ironic that a company that puts out a (horrid) game about cyberpunks got pwned by real life cyberpunks.

  • So, you're a programmer. You get locked out of your PC.

    Your code is stored on a git server somewhere.
    Your documents, pictures, videos, ... personal data in general are stored on OneDrive, DropBox, Google Drive or similar
    Your development tools are downloadable from the vendors or from the distro repos
    Your operating system ISO is available from hundreds of mirrors or from the vendor

    Why in the world would a randsomware attack have more than a few hours of disruption? Sure you'd lose what you haven't pushed yet

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...