CD Projekt have announced they have been the victim of a ransomware hack, the third such case for a video games company in four months.
On Twitter the company announced they discovered the cyber attack on February 8th. The hacker had obtained access to their internal network, gathered data, encrypted their system, and left a ransom note as a .txt file. The hacker states they had been “EPICALLY pwned!!”
The ransom note admits that while the company’s back ups will render the encrypted systems a fruitless effort, what they could release will still damage the company. The hacker claims to have full copies of source codes from Cyberpunk 2077, Gwent, The Witcher 3: Wild Hunt, and an unreleased version of the latter.
The hacker also claims to have obtained documents related to accounting, administration, legal, human resources, investor relations, and more. The hacker states that if their demands are not met, the source codes will be sold, while the administrative documents will be sent to “our contacts in gaming journalism.”
“Your public image will go down the shitter even more and people will see how you [sic] shitty your company functions,” the hacker threatens. “Investors will lose trust in your company and the stock will dive even lower!”
The hacker demanded CD Projekt contact them within 48 hours. In the Twitter statement, CD Projekt stated they will not give into to the demands, even if it does lead to the data being released.
CD Projekt state they have already secured their network and begun restoring data, are taking steps to mitigate the outcome of the data being released (including approaching those who would be affected by it), and contacted the relevant authorities and IT forensic specialists. To CD Projekt’s knowledge, the compromised systems did not contain any personal information of customers or players.
The situation bears comparison to the Capcom Ragnar Locker Ransomware hack and subsequent leaks [1, 2] of November 2020. Along with information on upcoming games (some of which seems to have come true) and politically correct business strategies.
The hackers also obtained employee personal information, HR information, and 350,000 items of customer and business partner personal information (none of which was credit card information).
Koei Tecmo Europe’s forums were also hacked in late December 2020. The hacker reportedly asked for Bitcoin, claimed Koei Tecmo had lackluster digital security, and failed to follow GDPR guidelines by not informing their users about the hack sooner.
CD Projekt has had months of negative press thank to Cyberpunk 2077. As previously reported, the game’s numerous delays and leaked footage were not the end of the woes for CD Projekt Red. One reviewer suffered a major epileptic seizure, and accused the developer on basing the Braindance headset off a medical device designed to intentionally induce seizures.
Despite high praise from initial reviews, users complained of Cyberpunk 2077‘s numerous glitches and bugs; along with poor optimization, and the console version having inferior graphics and more bugs. Even critic reviews that praised the game also discussed those issues.
CD Projekt Red stock value dropped by 29% in a week after the game launched. The developer also had to recommend fans to complete the game quickly and avoid crafting too many items to prevent save file corruption, which was later patched.
CD Projekt Red apologized for the game’s advertising and launch, and offered full refunds. However, two lawsuits have been launched by investors- one in Poland also being an attorney.
A Q&A investor call reportedly had CD Projekt Red denying they had any special agreements for refunds for Cyberpunk 2077 on consoles, and that they were working on the PlayStation 4 and Xbox One versions of the game “until the very last minute.” The game’s director would later deny claims about development troubles made in a Bloomberg report that cited anonymous employees.
Both Sony and Microsoft stated they would offer full refunds for the game. Sony would remove the game from the PlayStation Store, but there were “no talks” of Microsoft removing it from theirs.
Despite selling 13 million copies, the founders of developer CD Projekt Red were predicted to have lost $1 billion USD. The company also shared their “Commitment to Quality” agenda, and FAQ trying to explain how the issues came about. The Polish Office of Competition and Consumer Protection (UOKiK) is also monitoring CD Projekt.
Even a patch designed to fix many issues the game had introduced a new game-breaking issue until a hotfix resolved that. There are some silver linings. After Tesla CEO Elon Musk announced the new Model S could play the game via its internal computer, CD Projekt’s stock rose 19%; the highest rise since June 2015.
Image: Cyberpunk 2077 via Steam