CD Projekt Red, a game developer and publisher based in Poland, has announced that hackers used ransomware to compromise a few of its systems and stole some data in the process. The company says it won’t comply with the demands.
CD Projekt Red, known for The Witcher franchise and the recently launched Cyberpunk 2077 game, shared some details of the attack on Twitter, but left out some information, although it’s possible they don’t who they are. Still, the company was very transparent about the breach and even posted the hacker’s messages, which is uncommon in official channels.
The attackers say that they have encrypted all of CD Projekt Red servers and stole documents relating to accounting, administration, legal, human resources, investor relations and more. How much of that is true remains unclear. The company says that only some devices on the network were encrypted and that the backups are safe. The restoration process is already underway.
The company also said on Twitter that, to the best of their knowledge, no personal data belonging to players has been leaked, which is likely the only silver lining in this story.
Ransomware gangs changed the way they operate in the past couple of years, and they now also blackmail victims with stolen data. It’s a pressure point for a victim who has backups available.
CD Projekt Red notified the authorities and is investigating. For now, the company says it won’t respond to demands and is advising all affected parties to brace for possible data leaks.