- Cyberpunk 2077 and The Witcher 3 source code were stolen in a ransomware attack.
- When CD Projekt Red refused to pay the ransom the hackers auctioned the source code files on the dark web.
- It is still unclear who the buyer is or what they intend to do with the files.
The auction was held on a popular hacking forum on the dark web, and the bidding started at $1 million, according to Vx-underground. The auction concluded shortly after, once hackers received a satisfying bid, per KELA Research.
CD Projekt Red the developer behind the much-touted game Cyberpunk 2077 was speciously hacked and massive sensitive data were stolen. This after a catastrophic release of the continuously delayed Cyberpunk 2077 earlier. Hacked data include the source code for games like Cyberpunk and it's another popular franchise, The Witcher.
One of the threats from hackers was that if CD Projekt Red did not give them money, they would make public the information they had stolen, including the source codes of their current games. This means that many people could start creating games that are identical to Cyberpunk 2077 to try to scam the Internet.
The company immediately made it known that they had no intention of negotiating with the people who attacked them and in response to this, the hackers decided to sell the source codes of the aforementioned titles on the black market, that is, the Dark Web.
The Dark Web Monitoring Organization KELA reports that an auction set up to sell the files has now closed after a "successful bid" was made from outside the forum it was being held on. That offer reportedly stipulates that the code will no longer be distributed or sold. The cybersecurity account vx-underground also reported that they had heard that the sale was completed.
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6— KELA (@Intel_by_KELA) February 11, 2021
Speaking to IGN, Victoria Kivilevich, KELA's Threat Intelligence Analyst, explained that it appears that all the stolen files, which include the source code for Cyberpunk 2077, multiple versions of The Witcher 3, and Gwent, were sold in one package. It is still unclear who the buyer is or what they intend to do with the files as of this writing.
While not yet confirmed, several cybersecurity experts have pointed out that the ransomware attack came from a group called HelloKitty, based on the title and content of the ransom note released by CD Projekt after the attack.
The amount of people that are thinking this was done by a disgruntled gamer is laughable. Judging by the ransom note that was shared, this was done by a ransomware group we track as "HelloKitty". This has nothing to do with disgruntled gamers and is just your average ransomware. https://t.co/RYJOxWc5mZ— Fabian Wosar (@fwosar) February 9, 2021