Expert Reaction On Cyberpunk 2077 Studio Falls Victim To Ransomware Attack

By ISBuzz Team
Writer, Information Security Buzz | Feb 10, 2021 04:45 am PST

The maker of the Cyberpunk 2077 game has been hit by a ransomware attack in which attackers were able to access the company’s internal network, encrypt some devices and copy data. The company believes no personal data of its players has been compromised. The company disclosed the hack by tweeting the note left by the hacker, who claims to have accessed the source code of Cyberpunk 2077, Witcher 3, Gwent, and an “unreleased version of Witcher 3.”

7 Responses

  1. These double extortion ransomware attacks, where the hackers steal data and threaten to leak it unless their demands are met, are increasingly common: in Q3 2020, nearly half of all ransomware incidents included a threat of releasing stolen data. It’s a trend that will continue to grow because it puts extra pressure on organizations to pay the ransom, or risk fines from data watchdogs if volumes of individuals’ data are compromised and publicly disclosed by the hackers.

     We would urge all organizations to defend themselves against the growing ransomware threat with solutions that can prevent these attacks and stop data leaks, and by training employees about the risks of phishing emails, as this is how many ransomware exploits are launched. Our research shows that on average, every 10 seconds an organization becomes a victim of ransomware worldwide, but CD Projekt Red is doing the right thing by refusing to give in to the hacker’s demands.

  2. We’ve seen ransomware evolve, not only is it enough for criminals to encrypt data, but they will spend time within the victim’s organisation, stealing valuable data, working out which data is worth encrypting, and how much they should set the ransom at.

     In many cases, these criminals go undetected in victim organisations for many months at a time.

     So, it’s important that organisations have the right controls in place to prevent these attacks from being successful in the first place and have some form of monitoring and threat detection in place to see when they have been breached and to respond quickly.

     The ransom demands are interesting because the criminals know that the organisation can likely recover from backups. In this case, the ransomware itself isn’t the issue – it’s more of a statement to signal that they have breached the organisation. The fact that the ransom note was addressed to them shows it was a targeted attack.

     While ransomware itself can cause issues and not everything may be backed up, the real demand for payment is in exchange for the criminals not leaking the information they’ve stolen. However, the issue with this approach is that even if the victim pays the money, there is no way to guarantee the criminals will actually delete the data.

  3. Ransomware will continue to be the biggest cyber risk for many organizations globally and the latest victim is CD Projekt Red, who recently came under immense pressure from the long-awaited launch of Cyberpunk 2077, only to find its quality below that of gamers’ expectations.

     This time ransomware and data theft is the latest challenge to bring CD Projekt Red into the news again and this could introduce further pressure.

     The ransomware gang not only locked internal systems but stole source code and internal documents, which they have threatened to release publicly. Ransomware continues to evolve, again showing that stealing sensitive data is now merged with encrypting systems. What we are seeing with ransomware is that cybercriminals continue to abuse privileged access, which enables them to steal sensitive data and deploy malicious ransomware. This means that organizations should prioritize privileged access as a top security measure to reduce the risks of ransomware and ensure strong access controls, a solid backup strategy and encryption for sensitive data.

  4. In many cases, ransom attacks might not have actually even succeeded in an attack, but are luring the target to react quickly and pay a ransom to avoid consequences. In this case, however, based on CDPR’s message, it appears they have been able to triage the case at least to the level that the breach did indeed happen and that part of their data was indeed encrypted. This lends credibility to the attack.

     The difficult aspect about the data being breached is that there is no reliable way to ever ensure it won’t be published – once it has been copied, you have no means to ensure all copies are deleted even if you paid the ransom.

     CDPR is doing the right thing both for themselves and their customers by acknowledging the issue and its impact as well as informing everyone about what was affected and whether individuals should be worried about their data. Also, not agreeing to pay the ransom, even if it did cause their unreleased game source and assets to be leaked, is commendable.

     Finally, having a working backup system to restore from is likely a sigh of relief for them.

  5. It looks like this is not a typical ransomware attack where data is exfiltrated before being encrypted. The attacker seems aware that CDPR is probably able to restore the encrypted data from backups. I think the real motivation is extortion and damaging the company’s image. Since the attacker’s note doesn’t look too ‘professional’, maybe it’s just an angry gamer disappointed with the Cyberpunk 2077 game?

  6. CDPR has done a good job in being transparent, where the statement was published almost immediately after discovering the breach. Transparency is key in demotivating attackers from having an upper hand in the negotiation process since the public already knows about the breach and is expecting further updates.

     While it remains to be seen how their internal systems were breached, the lesson from this breach is a good reminder to all organizations out there. It is always better to assume and operate in the mindset of “when you will be targeted” rather than “if you will be targeted”. Organizations should work towards reducing the attack surface continuously, not just as a one-time effort.

     CDPR indicated they are already in the process of restoring from backups. That is a good sign where they probably have routinely tested their backup and is something organizations should also practice doing. Organizations must have a response plan in place ready to take effect when needed, but at the same time, constantly being rehearsed so that employees are aware of their next course of action.

     While it is a sad situation where large organizations such as this are being compromised, on the bright side, CDPR’s stance of not negotiating with the attacker is commendable. This perhaps would set an example to others to not give in, which may hamper the attackers’ operation further.

  7. It looks like Cyberpunk 2077 developer CD Projekt has been cyberpunked, as it is just the latest cyber firm to be hit by hackers in recent months.

     While CD Projekt says that to the best of its knowledge, no personal or financial data about its players or users of its services were accessed in the breach, players and users should still practice extreme caution. They may receive social engineered emails, texts, or even phone calls from parties claiming to represent CD Projekt but are, in fact, bad actors. This is just common sense for all users whose providers (or publishers of their favourite games) have experienced a hack.
