CD PROJEKT Capital Group, the Polish company which operates both CD Projekt Red and GOG.com, has reportedly fallen victim to a major cyberattack. Hackers appear to have gained access to the company’s servers, and are threatening the release of confidential documents. However, CD Projekt has refused to comply with their demands.
Today’s CD Projekt Red Cyberattack
“Yesterday we discovered that we have become a victim of a targeted cyber attack,” reads an official statement; “due to which some of our internal systems have been compromised. An unidentified actor gained unauthorised access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note […]”
The crudely-written ransom note, which was released publicly by CD Projekt, claims that the hackers have stolen; “all of your documents relating to accounting, administration, legal, HR, investor relations and more,” as well as; “FULL copies of the source codes from your Perforce server for Cyberpunk 2077, Witcher 3, Gwent, and the unreleased version of Witcher 3”. The note also claims that the hackers have encrypted all of CD Projekt’s servers. According to CD Projekt, some of its network devices were indeed encrypted. However, its backups remain intact. The process of restoring data after the securing of their IT infrastructure has apparently already begun.
Will the Hackers Follow Through With Their Threats?
Thus far, the company has categorically refused to comply with the hackers’ demands. The ransom note does not detail what the hackers wanted from CD Projekt. It does, however, threaten the release of source codes online and the sending of confidential documents to journalists. It remains unknown whether either of these things will actually occur.
In the meanwhile, CD Projekt is reportedly investigating the incident in conjunction with the authorities. Fortunately, the company has confirmed that the compromised systems did not contain any of their users’, players’, or ex-employees’ personal data. According to Bloomberg gaming journalist Jason Schreier, employees of CD Projekt have told him that the cyberattack is being taken “very seriously” within the company. According to him, the company is telling staff that; “they’ll need to take several specific precautions to protect their identities and prevent fraud.”