Threat actors behind the recent ransomware attack against CD Projekt Red are reportedly auctioning the alleged source code for Cyberpunk 2077 and The Witcher 3 on the Russian-language underground forum “Exploit.”
On Tuesday, the video game maker CD Projekt Red disclosed a ransomware attack on its internal systems. The company shared a ransom note left by the attackers, who claim to have stolen full copies of the source code from a Perforce server for Cyberpunk 2077, The Witcher 3, Gwent, and the unreleased version of The Witcher 3. At the time, CD Projekt Red stated that it would not negotiate with the attackers.
According to the Twitter account @vxunderground, the hackers have put up for sale the source code for the ‘Gwent’ card game, as well as The Witcher 3 and Cyberpunk 2077.
“This is the source code to ‘Gwent’ card game… Witcher 3, CyberPunk 2077, etc. is being auctioned today on EXPLOIT forums…The ransomware authors said they will not be auctioning data anywhere else – any other location other than EXPLOIT is fake,” according to the tweets.
The offered information allegedly includes stolen internal documents, 'CD Projekt offenses,' and the source code for Cyberpunk 2077, Witcher 3, Thronebreaker, and an unreleased Witcher 3 version with raytracing.
@vxunderground also said that the starting bid for the data is set at $1 million, but that it could be bought outright for $7 million. To participate in the auction, bidders must have a deposit of 0.1 BTC on the forum.
According to security researchers, the ransomware attack against CD Projekt Red may have been the work of a ransomware group tracked as HelloKitty, which has been active since November 2020. The HelloKitty malware disables various processes and services before encrypting files on a victim’s device. While not particularly active, HelloKitty is believed to be behind past attacks against other large organizations, including Brazilian energy firm CEMIG in December last year.