The increasing threat from Ransomware Attacks has become dire, especially throughout 2020 as threat actors and hacking groups continue to target the financial, health care and hospitals amid the covid19 pandemic. Cybersecurity researchers also observed a more minor trend in which hackers target video game companies globally with rash cyber-attacks including Capcom, Ubisoft and Crytek. And now, CD Projekt Red that released the most awaited game Cyberpunk 2077 last December became one of the victims of these cyber-attacks.
Tuesday last week, CD Projekt Red has announced that they have suffered a ransomware attack. Some of their internal systems have been compromised as per their statement posted on Twitter, and the attackers have encrypted some workstations and exfiltrated data. Given the situation, CD Projekt Red stated that they would not pay any ransom demands and that they are working to restoring their systems from their backup. This incident comes after they faced months of criticism for its buggy and overhyped game release with Cyberpunk 2077. The performance issues on various platforms are so many that Sony pulled it from PlayStation Store and Microsoft and offered to refund players.
The threat actors say they stole essential business data such as investor relations, HR documents and accounting information. Still, the video game company says there’s no evidence that customer data has been compromised on the breach. The hackers added on their ransom note that if they disagree, then the source code will be leaked online or sold on the dark web hacking forums. Additionally, they will send sensitive documents to the media and game journalists to muddy their public image even more.
CD Projekt Red has released patches for Cyberpunk 2077 to improve the gaming stability and setup damage control. Still, they faced lawsuits from investors and accusations that forced game developer staff to render excessive overtime in finishing the game.
The threat actors are yet to be unidentified, but the ransom note filename ‘read_me_unlock.txt’ are familiar to cybersecurity researchers. The type of ransomware attack involved is consistent with the naming convention of HelloKitty hacking group. The ransomware operators do not deploy this frequently, and a notable victim to date is CEMIG, a Brazilian power company.
By refusing to pay the ransom demand, CD Projekt Red is making a stand against the attackers, which is significant.
In recent years, the United States has increasingly been vocal about the moral and practical importance of not paying ransomware groups. Paying the ransom doesn’t guarantee that the victim organization’s data will be returned, and all other existing copies will be deleted permanently. Paying the ransom encourages cybercriminals to target more victims and offer incentives to other threat actors to get involved in their campaigns. Taking your stand against digital extortion becomes the only way to discourage cyber-attacks and lessen the organization’s likelihood of being targeted again.
