Cyberattack the work of ransomware gang
CD Projekt Red disclosed today that they are the victim of a ransomware attack. Apparently, the ransomware used to encrypt CD Projekt Red’s network goes by the name HelloKitty. For real.
CD Projekt Red is the producer of video games Cyberpunk 2077 and Witcher 3.
In the attack, the attackers stole the source code to Cyberpunk 2077, Witcher 3 as well as an unreleased version of Witcher 3. In addition, the hackers took “documents related to accounting, administration, legal, HR, investor relations and more,” according to the announcement made by CD Projekt Red.
They are threatening to dump the stolen data online if their demands are not met.
UK cyber security researcher Fabian Wosar tweeted later today that the ransomware behind the attack goes by the moniker “HelloKitty.”
Many wrongly assumed the ransomware attack was the work of disgruntled gamers. Cyberpunk’s December release has been fraught with technical issues and disappointing in-game experiences. Sony and Microsoft offered their customers refunds.
Bleeping Computer saw a sample of the files that are encrypted by the ransomware. “The HelloKitty ransomware is named after a mutex named ‘HelloKittyMutex’ used when the malware executable is launched,” they wrote in a post.
HelloKitty ransomware targets the infected machine’s processes and Windows services.
The ransomware has been active since late last year.
“Yesterday, we discovered that we have become a victim of a targeted cyberattack, due to which some of our internal systems have been compromised,” CD Projekt Red posted on Twitter.
CD Projekt Red was given a ransomware note and a link to a Tor site on the dark web to negotiate the ransom payment.
The company has said it won’t be paying the ransom.
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” CD Projekt Red wrote in their disclosure.
No customer data is believed to have been stolen by the attackers. CD Projekt Red maintains that their back-ups are not impacted by the ransomware attack.