CD Projekt Red, a company behind widely popular games like Cyberpunk 2077 and The Witcher, says it was target of a cyber attack during which a malicious actor gained access to the company’s internal network, encrypted some of devices and “collected certain data belonging to CD Project.”
In a tweet disclosing the security incident, the company shared a ransomware note left by the attackers, who claim to have stolen full copies of the source codes from a Perforce server for Cyberpunk 2077, The Witcher 3, Gwent, and the unreleased version of The Witcher 3. The intruders are threatening to release the source code alongside internal legal, HR, and financial documents if the company fails to meet the hackers’ demands.
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” CD Projekt Red wrote in response. The company added that although some devices in its network have been encrypted, “our backups remain intact,” and it has secured its IT infrastructure and started restoring data.
CD Projekt Red also added that the compromised system did not contain any personal data of players or users of the company’s services.