Security News > 2021 > February > Hackers hit CD Projekt Red, steal data, ask for ransom

Polish game developer CD Projekt Red has been hit by hackers, who breached its internal network, stole data, encrypted some devices, and asked for a ransom to not sell of leak online sensitive company documents and the source code of some of their more popular games.

The company categorized the attack as targeted, and admitted that the attacker managed to access the company's internal network and "Collected certain data belonging to CD PROJEKT capital group."

This is not the first time CD Projekt Red was hit by hackers - it happened also in June 2017, when the attackers stole internal files and documents connected to early designs for the Cyberpunk 2077 game, and threatened to publish them if the company did not pay a ransom.

Antti Tuomi, Principal Security Consultant at F-Secure, noted that the difficult aspect about the data being breached is that, once it has been copied, there is no reliable way to ever ensure it won't be published and all copies deleted even if the victim pays the ransom.

Iain Chidgey, VP EMEA at Sumo Logic - a company that works with game developers like SEGA Europe and The Pokemon Company - said that based on the ransom noted shared by CD Projekt Red, this appears to be an attack on the company's software development process that led to the hackers getting in.

"For games developers and publishers, protecting their operations involves securing game assets and IP alongside the cloud instances and services running the games instances. For the biggest games, the data volumes coming from players in the cloud leads to this being a machine readable problem and no longer a human readable issue. If we are able to observe our software supply chains and all the data loads created by online gaming instances over time, we can be more secure."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/3CS3QZ8-Iks/