In the tweet, CD Projekt Red says that an unidentified actor gained access to its internal network. The attackers managed to collect data belonging to the CD Projekt capital group. However, the company noted that it still has access to the backups. It is currently in the process of restoring data. The attackers have left a ransom note, where they claim to have copied the source codes for Cyberpunk 2077, Witcher 3, Gwent, and the unreleased version of Witcher 3. They also allegedly have documents related to accounting, administration, legal, HR, and investor relations. Furthermore, the ransom note threatens the company to either come to an agreement or witness the source code getting sold or leaked online. In the ransom note, the malicious actors have set a deadline of 48 hours. CD Projekt Red, however, is not planning to oblige to the threat. “We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach,” said CD Projekt Red in its statement.
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021 CD Projekt Red’s ransomware attack comes just months after the company launched Cyberpunk 2077, which didn’t go as expected. Due to bugs in the game, Sony ended up removing the game from PlayStation Store. Microsoft, on the other hand, started offering refunds to unhappy customers.