Cyberpunk 2077 makers CD Projekt hit by ransomware hack

By Cristina Criddle
Technology reporter

  • Published
Cyberpunk 2077 imageImage source, CD Projekt RED
Image caption,
Cyberpunk 2077 has been beset by delays and glitches

The maker of popular video game Cyberpunk 2077 has been hacked in a ransomware attack.

CD Projekt Red said hackers had accessed its internal network, digitally scrambled some of its data servers and tried to blackmail it.

The perpetrators claim to have stolen source code for several of the firm's games which they said they would leak unless a payment was made.

But the Polish games company said it would not negotiate.

In a statement on Twitter, CD Projekt Red posted a copy of the ransom note which said the hackers had copied code from Cyberpunk 2077, Gwent, and Witcher 3, including an unreleased version of the latter.

“We have also dumped all of your documents relating to accounting, administration legal, HR, investor relations and more!” the note added.

"Dumping" means copying the information to an external source.

“If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism,” read the note, giving a deadline of 48 hours.

Source code is the human-readable version of a computer program before it is transformed for use. Releasing it could make it easier for people to write hacks for the titles or even publish their own altered versions, as well as reveal some of their development secrets.

In a statement, posted by the game developers on Twitter, it said it has secured its “IT infrastructure and begun restoring the data” from back-ups.

“We will not give in to the demands or negotiate with the actor,” it said, adding that no personal data had been compromised in the breach.

The company has informed law enforcement and data protection authorities, while it investigates the issue.

Media caption,
Keanu Reeves talks to BBC Sounds podcast Press X to Continue

This is the latest in a series of bad news for the developers after the release of Cyberpunk 2077 was delayed several times, only for users to then experience glitches in the game.

"This will be frustrating for users of the game, but as consumers are generally very sympathetic when something like this happens," said Louise Shorthouse, senior gaming analyst at Ampere Analysis.

"This comes after a string of recent ransomware attacks on games companies, including Capcom and Ubisoft late last year.

"Fixes and updates for Cyberpunk 2077 may take a backseat for a while, as mitigating the effects of the ransomware attack becomes the priority."

This probably couldn't have come at a worse time for the embattled games studio.

However, its response has been extraordinary and is already being praised by the cyber-security world.

In one Tweet, the company has demonstrated a new gold standard response to dealing with ransomware.

The company is being transparent about the attack but also says it is not negotiating with the cyber-criminals and instead relying on well-managed back-up systems.

CD Projekt Red has even released a screen grab of the ransom note which will be invaluable for researchers.

It doesn't sound like much and there will be questions about how the firm was able to be breached in the first place.

But in a world of empty press releases and companies secretly paying criminals huge ransoms, CD Projekt Red has shown what can and, in the eyes of many, should be done to deal with the growing problem of ransomware hacking.

Related Topics