The maker of Cyberpunk 2077 game hit by the ransomware attack, where attackers have been able to access the company’s internal network, encrypt some devices and copy the data. The company believes no personal data of the players is compromised. The company disclosed the hack by tweeting the note left by the hacker who claims to have accessed the source code of Cyberpunk 2077, Witcher 3, Gwent, and an “unreleased version of Witcher 3.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>High profile organisations like CD Project Red are targets of disproportionate attacks both due to their notoriety and the fact that their presence in the news gives attackers more ammunition to craft compelling phishing lures for social engineering attacks. In this case, it does appear that CD Project Red has handled the situation particularly well by proactively coming forward to announce the breach and to control the news narrative. It’s encouraging that they have reported that no customer data was accessed during the breach, however, if the attackers were able to exfiltrate source code for the popular Cyberpunk 2077 and Witcher games it could lead to more targeted exploit development aimed at a widespread player base. The decision to refuse to pay the attacker’s ransom demand is the right one here. With intact backups, CDPR should be able make a complete recovery, and if game code were stolen, there is no way to verify that the cybercriminals would not try to sell it anyway.</p>
<p><span lang=\"EN-US\"><strong>1: <u>All servers encrypted by the threat actor</u>.</strong> </span></p> <p><span lang=\"EN-US\">The fact that CD Projekt Red have good back up and separation has saved them, it’s promising to see good hygiene in practice limiting or removing impact from an attack like this.</span></p> <p><br /><span lang=\"EN-US\"><strong>2: <u>Source code has been leaked for some major titles</u>.</strong> </span></p> <p><span lang=\"EN-US\">The reality is that use of that leaked code is protected by licensing law, so another company can’t just take it and use it, or even snippets of it. As for the ‘pirates’, they would need jailbroken platforms to be able to release anything and at the moment the specs are so high for CyberPunk, those jailbreaks are unlikely to be available in the short to mid-term. Perhaps a PC version could be done. Will this break the company as the attackers suggest? I’m no financier but I doubt it, a company like this is valued on its vitality, creativity and capability. Of course, IP is important but it’s not like any rights to that IP have been lost, the most valuable assets to this company are its people.</span></p> <p><br /><span lang=\"EN-US\"><strong>3: <u>Personal data has been leaked</u>.</strong></span></p> <p><span lang=\"EN-US\"> While we don’t yet know what personal data has been leaked, this could have the biggest impact to Projekt. If it’s found that insufficient security measures were in place, then there could be a very large turnover-based fine from the supervisory authority in relation to GDPR. Also, if business contacts and talented staff details are released that opens the door to potential head-hunters and competitors.\"</span></p>