CD Projekt Red says it was hacked but won't pay the ransom

polonyc2

CD Projekt Red has been hacked, with several company documents and source codes for their games being stolen and held under ransom...the note claims that the source code for Cyberpunk 2077, Witcher 3, Gwent, and an unreleased version of Witcher 3 has been stolen...documents relating to accounting, administration, legal, HR, investor relations, "and more" are also allegedly compromised

CDPR hasn't explicitly confirmed or stated what data has been dumped, saying the hackers gained access to "certain data belonging to CD PROJEKT capital group." They also reassured people that currently, there is no evidence to suggest any personal data of players was stolen...the hackers also managed to encrypt CDPR's servers, though the company has confirmed "our backups remain intact. We have already secured our IT infrastructure and begun restoring the data."...

https://www.engadget.com/cd-projekt-red-says-it-was-hacked-but-wont-pay-any-ransom-090055291.html
 

Since they are not willing to pay I would assume they have proper backup solutions in place and can roll it out relatively quickly. I would hope so anyway.
More than that, I think they're not worried about what the person or group grabbed off the servers. Whatever they got isn't enough to hold the company or the board ransom.
 
Since they are not willing to pay I would assume they have proper backup solutions in place and can roll it out relatively quickly. I would hope so anyway.
Quick is relative. It costs money to restore from backups, and half the time restoring has its own issues. Plus you need to do forensics on what happened, then a security audit of how to prevent or at least mitigate it in the future. I'd still take it over giving those scumbags any money...
 
More than that, I think they're not worried about what the person or group grabbed off the servers. Whatever they got isn't enough to hold the company or the board ransom.
That’s because they know that even if they pay the ransom there is absolutely no guarantee the information won’t be leaked/sold anyway. No point paying.
 
That’s because they know that even if they pay the ransom there is absolutely no guarantee the information won’t be leaked/sold anyway. No point paying.
Yea. Baltimore city paid the 6 million ransom back in 2019. I can't recall if the hackers actually released the systems, but the city's computers were fucked for months.
 
The problem here is that after the source code and data have been examined, we'll probably find out just how much content was cut from the game and what features it was really supposed to have. We'll also potentially have some idea of what's coming later on or what the state of the game truly is in terms of how much CDPR has for it that we haven't seen yet. In other words, some of the systems that are missing could be nearly complete or may not exist at all. The former might be encouraging but the latter would severely harm CDPR's already shattered reputation.

These details I suspect, will confirm that what we got was more or less an alpha build and the game was a year or more away from being ready for release. Some of the other stuff like HR and accounting information may also lead to a reveal that CDPR knowingly shat out the game well ahead of schedule to get the sales on the 2020 calendar and that it was done to appease investors. CDPR could really come clean and out all its dirty laundry concerning the game's development and take the wind right out of the hacker's sails. However, I suspect doing so would give the prosecutors in their court cases everything they need to nail CDPR to the wall. I mean, we already "know" a lot of this stuff but we don't have confirmation that these things are certain.

Worse yet, some of these decisions could amount to massive fines for CDPR's executives and even possible jail time if they violated labor laws at any point during the game's development. To be clear, I don't think CDPR knowingly committed fraud in the sense that there wasn't an intent to deceive gamers and customers but rather CDPR fell prey to its own greed. They took a "release it now, fix it later" approach to the game. That is, CDPR intends to deliver on its promises at some point. Unfortunately, this attitude has become the norm for game developers and publishers who do this all the time. Fallout 76, Anthem and No Man's Sky are three of the most egregious examples of this. Of course, let's not forget that many of CDPR's fans issued death threats against the developer if they didn't release the game and made it clear that no more delays would be tolerated. People wanted the game to be released even if it was buggy and then bitched when they got what they asked for.

To a degree, it's a hell of CDPR's own making. It's constant releases of gameplay footage and trailers over a period of 7 or 8 years built up expectations and hype for the game that were unrealistic. Cyberpunk 2077 was never going to live up to the hype CDPR's marketing team generated for it. Had they been quieter about the game's progress and expected features, they wouldn't be in this predicament now. Then again, it wouldn't have sold some 13 million copies. (Refunds not withstanding.)
 
While I don't have as many problems as some with my Cyberpunk 2077 setup - it is kinda reminding me of the Gearbox Aliens: Colonial Marines game from years back. Kinda.
 
How the f did this happen? "an unidentified actor gained unauthorized access to our internal network"

So they had anon access? Lack of proper security people doing audits, maybe? I do some of this for my job, so I don't understand how this happens. Lack of people, experience, oversight, etc. 😠
 
Quick is relative. It costs money to restore from backups, and half the time restoring has its own issues. Plus you need to do forensics on what happened, then a security audit of how to prevent or at least mitigate it in the future. I'd still take it over giving those scumbags any money...
Depends on your storage system. With a NetApp, I can restore from backup with a single command that changes what snapshot the file system points to. We had an administrator get ransomware'd and it encrypted the admin shared drive. No problem I just reverted it and we went on our way. If you have good enterprise storage tech with a good online backup system you can do instant recovery.
 
Depends on your storage system. With a NetApp, I can restore from backup with a single command that changes what snapshot the file system points to. We had an administrator get ransomware'd and it encrypted the admin shared drive. No problem I just reverted it and we went on our way. If you have good enterprise storage tech with a good online backup system you can do instant recovery.

Right...we use Veeam and can restore pretty quickly. A lot of companies are still on tape though, or slow spinners, etc., etc., and restoring is a chore and a half for them.
 
Right...we use Veeam and can restore pretty quickly. A lot of companies are still on tape though, or slow spinners, etc., etc., and restoring is a chore and a half for them.
What I mean is for ransomware, you don't even really go to backup, per se. You just have a redirect-on-write file system. When new data is written, it gets written to new nodes; the old data is preserved. A restore is then as simple as updating the LUNs to point to the older blocks. It is instant, even on magnetic storage, as you are just changing metadata. It isn't a substitute for another offsite backup, but for dealing with 99.99% of your backup needs like "user deleted the wrong file" or ransomware, it makes it an instant restoration process. It's just part of the storage server. NetApp has one of the best implementations, but they aren't the only one who does it.
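To make the "restore is a metadata change" claim concrete, here is an added toy model of a redirect-on-write volume with snapshots. It is example code written for this thread, not NetApp's implementation or anything from the vendor; the class and method names (RowVolume, snapshot, revert, gc) are invented, and the two files and the stand-in "ciphertext" are constructed inputs. It shows that the encrypting writes land in fresh blocks, that reverting to the nightly snapshot copies zero data bytes, and that the encrypted blocks only go away when garbage collection reclaims unreferenced blocks, which is why keeping snapshots costs space only for changed blocks.

```python
"""Toy redirect-on-write volume with snapshots.

Added illustration of the mechanism the post describes: new writes go to
fresh blocks, a snapshot is a frozen copy of the file-to-block map, and a
restore is a metadata swap. Example code, not NetApp's implementation; the
class and method names are invented for the example.
"""
from dataclasses import dataclass, field


@dataclass
class RowVolume:
    blocks: dict = field(default_factory=dict)     # block id -> data; never overwritten in place
    live: dict = field(default_factory=dict)       # file name -> block id currently visible
    snapshots: dict = field(default_factory=dict)  # label -> frozen copy of a file map
    next_block: int = 0

    def write(self, name: str, data: bytes) -> int:
        """Redirect-on-write: allocate a new block and repoint the file to it.
        The previous block is left untouched so older snapshots stay valid."""
        bid = self.next_block
        self.next_block += 1
        self.blocks[bid] = data
        self.live[name] = bid
        return bid

    def read(self, name: str) -> bytes:
        return self.blocks[self.live[name]]

    def snapshot(self, label: str) -> None:
        """Cost is proportional to the number of files, not bytes: no data is copied."""
        self.snapshots[label] = dict(self.live)

    def revert(self, label: str) -> int:
        """Restore by swapping the live map for the snapshot's map.
        Returns the number of data bytes copied, which is always 0."""
        self.live = dict(self.snapshots[label])
        return 0

    def gc(self) -> int:
        """Free blocks referenced by neither the live map nor any snapshot.
        This is where the encrypted garbage eventually goes."""
        referenced = set(self.live.values())
        for snap in self.snapshots.values():
            referenced.update(snap.values())
        dead = [bid for bid in self.blocks if bid not in referenced]
        for bid in dead:
            del self.blocks[bid]
        return len(dead)


def simulate_ransomware_and_revert() -> dict:
    """Constructed scenario: two files, a nightly snapshot, then every file
    is overwritten with stand-in ciphertext, then the share is reverted."""
    vol = RowVolume()
    original = {"budget.xlsx": b"Q1 numbers", "contracts.docx": b"signed terms"}
    for name, data in original.items():
        vol.write(name, data)
    vol.snapshot("nightly")

    # Attacker overwrites each file; the stand-in 'ciphertext' is just a marker.
    for name in list(vol.live):
        vol.write(name, b"ENCRYPTED:" + bytes(reversed(vol.read(name))))
    encrypted_view = {name: vol.read(name) for name in vol.live}

    bytes_copied = vol.revert("nightly")
    restored_view = {name: vol.read(name) for name in vol.live}
    freed = vol.gc()  # the encrypted blocks are now unreferenced and reclaimable
    return {
        "encrypted_matches_original": encrypted_view == original,
        "restored_matches_original": restored_view == original,
        "bytes_copied_by_revert": bytes_copied,
        "blocks_freed_by_gc": freed,
        "blocks_remaining": len(vol.blocks),
    }


if __name__ == "__main__":
    print(simulate_ransomware_and_revert())
```

The model deliberately never overwrites a block in place; that single invariant is what makes both the snapshot and the revert metadata-only operations, and it is also why an attacker who wants to defeat this kind of recovery has to go after the snapshots themselves rather than the files, which is the argument for protecting snapshot deletion with separate credentials.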
 
Depends on your storage system. With a NetApp, I can restore from backup with a single command that changes what snapshot the file system points to. We had an administrator get ransomware'd and it encrypted the admin shared drive. No problem I just reverted it and we went on our way. If you have good enterprise storage tech with a good online backup system you can do instant recovery.

A shared drive is not the same as an entire domain with multiple servers and/or SANs. I assume for CDPR it's a wee bit more complicated. It could take hours to days depending on the speed of the restore(s). An online backup system is limited by your drives, network speed, the size of the restore(s), and whether it's offsite like Veeam or on your internal domain (cloud). In your case there was no system state restore as well, just a share. Regardless of that, you need to do a forensic analysis if you are any sort of reputable corporation. Of course we don't know what we don't know and probably never will.

PS: not trying to argue with you, just saying it's usually not that simple. Especially with corporations that should be set up correctly, but............
 
Backups often don't help. These attacks don't occur in 1 day. These guys will often sit parked for months to make sure your backups are infected as well. Restoring them just restarts the attack.
 
Hmm, could employees file a lawsuit against CDPR as a form of negligence if such information(payroll, HR, etc) was to be released?
 
Since they are not willing to pay I would assume they have proper backup solutions in place and can roll it out relatively quickly. I would hope so anyway.
For this one it was maybe more a data leak than blocking the infrastructure they use, but from the little I understood, a lot of ransomware attacks play the long game and make it really complicated. They can wait, say, 3 months from the infiltration to when they act, i.e. the last 1, 2, 3, 4, 5, 6, 7 backups will be corrupted as well, making it quite hard to simply roll back to something that does not hurt too much.
 
Right...we use Veeam and can restore pretty quickly. A lot of companies are still on tape though, or slow spinners, etc., etc., and restoring is a chore and a half for them.
As good as Veeam is, it’s not that simple; they live in the system for weeks, often months. They infect your backups, your USB keys, they find your network shares, they scrape your domain credentials, they get to the root of your system, then they lock you.
Sure, you can go back to your nightly, weekly, even your monthly Veeam backups, only to quickly find they are also infected and you just end up right back at square one. Or worse, you roll it back 3 months and it’s clean, then somebody plugs in an old USB to transfer some files and puts them right back into the system.
The people that orchestrate these attacks are professionals they know the tools that are in use and actively work to circumvent them.
I wish it were as easy as take backups but the reality is it really isn’t.
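The two posts above make the same point from the defender's side: any backup taken after the intruder's first foothold restores the intruder along with the data, so what matters is whether the retention schedule still holds a point older than the dwell time. The following added example turns that into a triage calculation. It is not the thread's code or Veeam's; it assumes a grandfather-father-son schedule (14 nightlies, 8 weeklies, 6 monthlies by default, with weeklies 7 days apart and monthlies approximated at 30 days), and the detection and foothold dates are constructed, not CDPR's.

```python
"""Which retained restore points predate the intruder's first foothold?

Added defender-side illustration of the thread's point that backups taken
during the dwell time already contain the attacker. It assumes a
grandfather-father-son retention schedule and constructed dates; nothing here
describes CDPR's actual environment.
"""
from datetime import date, timedelta


def restore_points(detected: date, nightly: int = 14, weekly: int = 8, monthly: int = 6) -> list:
    """Dates a GFS schedule would still hold on the detection day.
    Weekly points are spaced 7 days apart and monthly points 30 days apart
    (an approximation that is good enough for a triage estimate)."""
    points = set()
    for i in range(nightly):
        points.add(detected - timedelta(days=i))
    for i in range(weekly):
        points.add(detected - timedelta(days=7 * i))
    for i in range(monthly):
        points.add(detected - timedelta(days=30 * i))
    return sorted(points)


def triage(detected: date, first_compromise: date, **retention) -> dict:
    """Split restore points into tainted (taken on or after the foothold date,
    so they restore the attacker too) and clean, and report how much data
    the newest clean point would cost to roll back to."""
    points = restore_points(detected, **retention)
    clean = [p for p in points if p < first_compromise]
    tainted = [p for p in points if p >= first_compromise]
    newest_clean = clean[-1] if clean else None
    return {
        "restore_points": len(points),
        "tainted": len(tainted),
        "clean": len(clean),
        "newest_clean": newest_clean,
        "data_loss_days": (detected - newest_clean).days if newest_clean else None,
    }


def dwell_covered(retention: dict, dwell_days: int) -> bool:
    """True if the schedule keeps at least one point older than a foothold
    of `dwell_days`; the anchor date is arbitrary since only spacing matters."""
    today = date(2021, 2, 8)  # constructed anchor
    return triage(today, today - timedelta(days=dwell_days), **retention)["clean"] > 0


if __name__ == "__main__":
    detected = date(2021, 2, 8)                      # constructed detection date
    foothold = detected - timedelta(days=90)          # the '3 months' the post mentions
    print(triage(detected, foothold))
    print(dwell_covered({"nightly": 14, "weekly": 8, "monthly": 3}, 90))
```

With the default schedule and a 90-day dwell, only the 120- and 150-day monthlies are clean, so the honest restore costs four months of data; cut the monthlies to three and there is no clean point at all. The foothold date itself comes out of the forensic timeline, which is why the earlier posts insist that forensics precedes the restore rather than follows it.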
 
Yea. Baltimore city paid the 6 million ransom back in 2019. I can't recall if the hackers actually released the systems, but the city's computers were fucked for months.
Yeah, I have been involved in ransomware cleanups. Even after you've restored, it takes months to identify the infections and clean them, then to clean up the damage caused by the cleaning. Then you need to identify how it got in, how it managed to go undetected, then implement the needed changes to prevent it from happening again or detect it sooner if it does, all while training staff on the new policies and procedures. Then during the whole process you are tanking the blame from the people you are trying to train, who see it as an IT failure that it happened in the first place and that they shouldn’t have to do this because it’s not their job to keep things secure.
 
That’s what insurance is for. We have 5M in coverage for data recovery and re-creation in the event of ransomware. I would imagine they have at least that much.

You would hope so! I imagine that insurance will go up a little after payoff if that is the case. ;)
 
Hmm, could employees file a lawsuit against CDPR as a form of negligence if such information(payroll, HR, etc) was to be released?

The bigger concern should be whether or not there is evidence that Polish labor laws were violated. If so, there could be hefty fines and or jail time for those responsible.
 
The bigger concern should be whether or not there is evidence that Polish labor laws were violated. If so, there could be hefty fines and or jail time for those responsible.
Stolen leaked documents are a bit hard to authenticate; I mean, the leakers can easily plant evidence. At worst it can be used as the basis of an official inquiry, but not as evidence.
 
Some people have pointed out a possible relation to the Capcom hack.

If it's the same group that took Capcom, Capcom just announced that their future plans have not been affected by the leaks. What about the Nintendo leak? Seems like these companies don't give a shit about what this group does. What is the endgame, then? They obviously won't get a big payoff, and so far the group has not been looking for attention outside of releasing everything. They have given no name or manifesto to their group outside of the name of their lockerware. So what is the goal?
 
If it's the same group that took Capcom, Capcom just announced that their future plans have not been affected by the leaks. What about the Nintendo leak? Seems like these companies don't give a shit about what this group does. What is the endgame, then? They obviously won't get a big payoff, and so far the group has not been looking for attention outside of releasing everything. They have given no name or manifesto to their group outside of the name of their lockerware. So what is the goal?
Leaked source code really shouldn't impact game releases or even revenue if the game already launched. However, encrypting the servers and forcing restoration from backups could delay patching efforts in this case as some data is always lost in these cases. However, that might not be true here as much of the data is probably on the developer's local workstations. In a work from home scenario, they probably don't save to the server as often given the file sizes of what they are working with. That's speculation on my part as I don't know what their setup is like.

Some may be using RDP or VDIs for their work, but we know a number of systems were sent to remote workers, as that was reported months ago. So, likely a lot of what's being worked on isn't necessarily only located on servers. The hack might be more of an inconvenience than anything.

However, things discovered in the stolen data could hurt the company's reputation even more and thus affect stock prices. It could also impact future sales of Cyberpunk 2077. What's discovered could have further impact that's impossible to calculate at present, if ever.
 