CD Projekt RED victim of attack - Source Code now possibly sold (update)

CD Projekt RED just issued a statement in which they acknowledge they are the victim of a cyber-attack, attackers gained entry towards their internal network accessing delicate data and source code of their famous games.

The company already has seen a rough year, and it seems things get worse. In a press statement posted on Twitter, CD Projekt RED  included a screenshot of a plain-text ransom note left on its servers by the intruder. Source code for Cyberpunk 2077, The Witcher 3: Wild Hunt, Gwent," and an unreleased version of The Witcher 3 (likely the remaster) have been snagged or encrypted. If you read the note it does not end there are private documents from CDPR's financial accounting, administration, legal, HR, and more fell victim.

CDPR stated that it will not give in to the requests of the attacker, and has reached out to law enforcement. The hacker on its end gives CD Projekt RED 48 hours to contact him/them for an agreement, however, what is demanded has not been listed. 

Updated: 

Earlier today, leaks of conceivably legitimate source code started appearing on online forums, as noted on Twitter by the cybersecurity account VX-underground. This initial leak is believed to include the source code of the CDPR’s virtual card game Gwent. The files were posted on Mega.nz and quickly removed. However, it didn't take long for the content to spread across the most famous hacking forums. A site called CyberNews has already downloaded these files and verified that they are actually the source code for Gwent, the card game released by CD Projekt in 2016.

We do suppose that this is a real auction by a real seller who obtained the data. The seller offers to use a guarantor and he allows only those who have a deposit to participate — a tactic that is used by many sellers to show that they are serious and to ensure that no scam will occur,” a spokesperson from KELA (a company that monitors the dark web) said. An auction is offering source code files for both the Red Engine and CDPR game releases, including The Witcher 3: Wild Hunt, Thronebreaker: The Witcher Tales spinoff, and the recently released Cyberpunk 2077. The stolen material is also believed to include internal documents, though it’s not clear what types of documents or additional material the full cache includes.

KELA says the starting price of the auction is $1 million, with higher bids in increments of $500,000 and a buy-it-now price of $7 million. Only users who deposit 0.1 bitcoin can participate, which is why Kivilevich believes the hackers are serious about hosting the auction and that the material for sale is likely legitimate because it ensures nobody participating in the auction is trying to scam the sellers.

Update 2: 

As it turns out there has been a bidder source code of Cyberpunk 2077, The Witcher 3, the card game Gwent has been sold. According to the cyber specialists the seller would have received a 'satisfactory' offer outside of the auction, so they closed it. Not everyone is convinced that the data has actually been sold. According to security analyst Emsisoft , it is possible that there were no potential buyers at all. The criminals would then have stopped the sale, in order to give the impression that the source code has been sold.