Two days ago, CD Projekt Red announced that it had become the victim of a ransomware attack, and information has now emerged that the HelloKitty ransomware was most likely behind it.
The attackers claimed to have stolen the source code for games such as Cyberpunk 2077, The Witcher 3 (including an unreleased version with ray tracing) and Gwent, as well as financial, legal, administrative and HR documentation. CD Projekt Red wrote that it does not intend to negotiate with the criminals or pay them a ransom, realizing that in the end the compromised data could still be disclosed.
Information security experts, including Fabian Wosar from Emsisoft, later reported that, judging by the published ransom note, the relatively new HelloKitty ransomware was behind this attack. This malware has been active since November 2020 and targets large companies; for example, the Brazilian energy company CEMIG is among the known victims.
Another cybersecurity specialist, VX-Underground, wrote on Twitter that the attackers have already put the stolen data up for auction. The starting price of the “lot” with the game source code and other stolen information is $1,000,000, with bid increments of $500,000, and the “blitz price” is $7,000,000.
To prove the authenticity of the stolen data, the seller, redengine, shared a text file containing a list of directories from the alleged source code of The Witcher 3. The attackers also published a 21 GB archive for free, which allegedly contains the source code of the game “Gwent”.
Analysts at the information security company Kela write that this auction does not look like a fake, if only because of the aforementioned list of directories and the hackers' willingness to use a guarantor to conduct the transaction.
Let me remind you that I also wrote that the ransomware masked itself as a beta version of Cyberpunk 2077 for Android.