According to the Polish video game studio CD PROJEKT, the company has been hit by a ransomware attack as hackers have accessed its internal systems and encrypted devices within its network.
In a statement published to their Twitter account, the gaming company wrote:
“An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note.
Although some of our devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.“
In its tweet, CD Projekt also included a ransomware note from the attackers which reads:
“If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism.”
To add insult to injury, the note alluded to the recent issues CD Projekt has faced surrounding the release of Cyberpunk 2077.
After the release of Cyberpunk 2077, the developing company was hit with great criticism over performance issues and bugs which plagued the console versions of their highly anticipated sci-fi game. Since December, CD Projekt has experienced a great drop-in company shares.
Despite the hacker’s attempt to exploit the company’s recent surge of issues, CD Projekt has asserted:
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking the necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.”
“We are still investigating the incident, however at this time, we can confirm that – to our best knowledge – the compromised systems did not contain any personal data of our players or users of our services.
CD Projekt has contacted law enforcement and Jan Nowak, the president of Poland’s Personal Data Protection Office (UODO), as well as IT forensics investigators in an attempt to bring the cyber attacker to justice.
CD Projekt Red has not identified what kind of ransomware was used to attack its systems. Some commentators had linked the attack to a disgruntled gamer, while others suggest that it could be HelloKitty, a ransomware group.
Since the cyber-attack, CD Projekt’s shares have dropped a further 5.5%. One can only hope that the company will be able to recover from the damage this entire debacle has caused.