Cyberpunk 2077 developer CD Projekt Red announced that it has “become the victim of a targeted cyberattack” that allegedly exposed the source code for many of its games.
In a message the developer shared on Twitter Tuesday morning, the hackers allege that they stole the closely guarded source code for Cyberpunk 2077, Gwent, and The Witcher 3 (including an unreleased prototype of the last). Documents “relating to accounting, administration, legal, HR, investors relations and more” were also allegedly compromised.
While the hackers apparently used ransomware software to lock CDPR out of certain parts of its systems, the company says it should be able to restore access to the data through backups. The company also remained defiant in the face of a ransom demand of an unspecified amount, saying it wouldn’t negotiate, despite a threat to release the stolen data. “We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” the company wrote. The demand came with a 48-hour deadline.
CDPR says that “to the best of our knowledge, the compromised systems did not contain any personal data of our players or users of our services.” That sets this attack apart from a recent ransomware attack against Capcom, in which Capcom store customers, employees, and esports team members were among the groups that may have had their personal information revealed to hackers.
The raw source code for a game, which is used to create the executable files distributed to players, is usually considered to be among a developer’s most valuable trade secrets. Back in 2003, the leak of source code for Valve’s then-unreleased Half-Life 2 led to the arrest of a German hacker. More recently, a large tranche of source code for classic Nintendo games was released online as part of a so-called “Gigaleak.”
A recent report by cybersecurity analysis firm Coveware found that total ransomware attack payments dipped slightly in the fourth quarter of 2020, after rising steadily for years prior, as more companies refuse to pay. An increasing number of those attacks now include threats to leak data online, Coveware found, and hackers often release that data even after the desired ransom is paid.