CD Projekt Red hacked, refuses to pay ransom, opts for transparency

Earlier today, video game developer CD Projekt Red announced on Twitter that it has been hacked and a ransom demand received.

Announcement from CD Projekt Red

“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” they write, adding that while they are still investigating the attack, “the compromised systems did not contain any personal data of our players or users of our services.”

CD Projekt Red ransom note

The ransom note claims that the threat actor(s) have obtained the source code for the firm’s games, as well as all HR, accounting, and other documents. Interestingly, the note seems to acknowledge that the firm will likely be able to restore from backup.

NY: Gloversville hit by ransomware attack, paid ransom
Toys “R” Us Canada customers notified of breach of personal information
Gatineau gymnastics centre warns members of possible data breach
Confidence in ransomware recovery is high but actual success rates remain low
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted

Related: