{"id":38701,"date":"2021-02-09T11:48:52","date_gmt":"2021-02-09T16:48:52","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=38701"},"modified":"2022-05-05T04:38:04","modified_gmt":"2022-05-05T08:38:04","slug":"cd-projekt-ransomware-attack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/cd-projekt-ransomware-attack\/38701\/","title":{"rendered":"Cyberpunk 2021: CD Projekt attacked by ransomware gang"},"content":{"rendered":"

CD Projekt has issued a statement<\/a>, saying that unspecified ransomware attacked the company\u2019s information systems. The company, known for game series The Witcher<\/em> and the notorious Cyberpunk 2077<\/em> project and behind digital distribution service GOG.com, says that to its knowledge users\u2019 personal data wasn\u2019t affected by the attack.<\/p>\n

What happened?<\/h2>\n

According to the statement, unknown hackers penetrated internal company systems, downloaded a significant amount of data, encrypted all information, and left a ransom note. In the note, they threatened CD Projekt with the publication of the data they\u2019d acquired. This modus operandi corresponds with ransomware tactics common over the past few years<\/a>, not only encrypting data, but also threatening to leak it.<\/p>\n

The incident might be just another fast-disappearing news item about a ransomware attack if not for the company\u2019s reaction to the attack. CD Projekt says it does not plan to give in to any demands, or even to negotiate with the ransomware operators. Instead, the company plans to focus on mitigation, in particular by working with potentially affected third parties. In addition, CD Projekt published the ransom note.<\/p>\n

We support the decision not to pay, as well as such transparency in communications about the incident. Any payment to extortionists makes their ransomware business more profitable and supports the development of more and better malicious tools \u2014 but does not guarantee the criminals won\u2019t publish the stolen data anyway. (CD Projekt had backups of all critical information, so recovering the data was never an issue in this case.)<\/p>\n

What was stolen?<\/h2>\n

The ransom note\u2019s list of compromised data is suspect \u2014 criminals are not necessarily trustworthy reporters \u2014 but it\u2019s the only information the public has about what was stolen. CD Projekt neither confirmed nor denied its accuracy. The criminals claimed they stole information from the Perforce version control server, including the full source code of several games:<\/p>\n