Expert Reaction On Cyberpunk 2077 Studio Falls Victim To Ransomware Attack

By ISBuzz Team
Writer, Information Security Buzz | Feb 10, 2021 04:45 am PST

The maker of the Cyberpunk 2077 game has been hit by a ransomware attack in which attackers were able to access the company’s internal network, encrypt some devices and copy data. The company believes no personal data of players has been compromised. The company disclosed the hack by tweeting the note left by the hacker, who claims to have accessed the source code of Cyberpunk 2077, Witcher 3, Gwent, and an “unreleased version of Witcher 3.”

7 Expert Comments
Jon Niccolls, EMEA & APAC Incident Response Lead
February 10, 2021 1:56 pm

These double extortion ransomware attacks, where the hackers steal data and threaten to leak it unless their demands are met, are increasingly common: in Q3 2020, nearly half of all ransomware incidents included a threat of releasing stolen data. It’s a trend that will continue to grow because it puts extra pressure on organizations to pay the ransom, or risk fines from data watchdogs if volumes of individuals’ data are compromised and publicly disclosed by the hackers.

We would urge all organizations to defend themselves against the growing ransomware threat with solutions that can prevent these attacks and stop data leaks, and by training employees about the risks of phishing emails, as this is how many ransomware exploits are launched. Our research shows that on average, every 10 seconds an organization becomes a victim of ransomware worldwide, but CD Projekt Red is doing the right thing by refusing to give in to the hacker’s demands.

Javvad Malik, Security Awareness Advocate
February 10, 2021 1:50 pm

We’ve seen ransomware evolve, not only is it enough for criminals to encrypt data, but they will spend time within the victim’s organisation, stealing valuable data, working out which data is worth encrypting, and how much they should set the ransom at.

In many cases, these criminals go undetected in victim organisations for many months at a time.

So, it’s important that organisations have the right controls in place to prevent these attacks from being successful in the first place and have some form of monitoring and threat detection in place to see when they have been breached and to respond quickly.

The ransom demands are interesting because the criminals know that the organisation can likely recover from backups. In this case, the ransomware itself isn’t the issue – it’s more of a statement to signal that they have breached the organisation. The fact that the ransom note was addressed to them shows it was a targeted attack.

While ransomware itself can cause issues and not everything may be backed up, the real demand for payment is in exchange for the criminals not leaking the information they’ve stolen. However, the issue with this approach is that even if the victim pays the money, there is no way to guarantee the criminals will actually delete the data.

Joseph Carson, Chief Security Scientist & Advisory CISO
February 10, 2021 1:47 pm

Ransomware will continue to be the biggest cyber risk for many organizations globally and the latest victim is CD Projekt Red, who recently came under immense pressure from the long-awaited launch of Cyberpunk 2077, only to find its quality below that of gamers’ expectations.

This time ransomware and data theft is the latest challenge to bring CD Projekt Red into the news again and this could introduce further pressure.

The ransomware gang not only locked internal systems but stole source code and internal documents, which they have threatened to release publicly. Ransomware continues to evolve, again showing that stealing sensitive data is now merged with encrypting systems. What we are seeing with ransomware is that cybercriminals continue to abuse privileged access, which enables them to steal sensitive data and deploy malicious ransomware. This means that organizations should prioritize privileged access as a top security measure to reduce the risks of ransomware and ensure strong access controls, a solid backup strategy and encryption for sensitive data.

Antti Tuomi, Principal Security Consultant
February 10, 2021 1:45 pm

In many cases, ransom attacks might not have actually even succeeded in an attack, but are luring the target to react quickly and pay a ransom to avoid consequences. In this case, however, based on CDPR’s message, it appears they have been able to triage the case at least to the level that the breach did indeed happen and that part of their data was indeed encrypted. This lends credibility to the attack.

The difficult aspect about the data being breached is that there is no reliable way to ever ensure it won’t be published – once it has been copied, you have no means to ensure all copies are deleted even if you paid the ransom.

CDPR is doing the right thing both for themselves and their customers by acknowledging the issue and its impact as well as informing everyone about what was affected and whether individuals should be worried about their data. Also, not agreeing to pay the ransom, even if it did cause their unreleased game source and assets to be leaked, is commendable.

Finally, having a working backup system to restore from is likely a sigh of relief for them.

Bert Steppé, Researcher, Tactical Defence Unit
February 10, 2021 1:29 pm

It looks like this is not a typical ransomware attack where data is exfiltrated before being encrypted. The attacker seems aware that CDPR is probably able to restore the encrypted data from backups. I think the real motivation is extortion and damaging the company’s image. Since the attacker’s note doesn’t look too ‘professional’, maybe it’s just an angry gamer disappointed with the Cyberpunk 2077 game?
