Stolen CDPR (CD Projekt Red) files containing RED Engine, Cyberpunk 2077, The Witcher 3: Wild Hunt, and Gwent games source code have now been sold on the dark web for an alleged 7 million USD.
According to this IGN article, KELA, a dark web monitoring organization confirmed that an auction took place on the XSS forum on the dark web. There, a “satisfying offer” was made by one of the participants. The article goes on to explain how this offer stipulates that no further copies of the files will be sold. Whoever this elusive buyer is, they demand that CD Projekt Red pays a “blitz” and a considerable sum since files contain other “sensitive data” as well. This is a request CD Projekt Red already refused to oblige.
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6
— KELA (@Intel_by_KELA) February 11, 2021
CDPR Files and Ransomware
KELA threat intelligence analyst, Victoria Kivilevich, spoke to IGN about the events that took place. Kivilevich explains how the files were stolen and are now apparently sold to an anonymous buyer. Vx-underground also confirmed that the auction took place. According to the article, the starting bid amounted to a jarring million dollars. The auction was allegedly terminated due to a 7 million USD bid, although this information still has not been confirmed. And that’s the story of how the stolen CDPR files were sold. Nobody really knows who is responsible for the initial cyber attack. However, most experts point to a group called HelloKitty. It is not clear, however, that HelloKitty was involved.
The amount of people that are thinking this was done by a disgruntled gamer is laughable. Judging by the ransom note that was shared, this was done by a ransomware group we track as "HelloKitty". This has nothing to do with disgruntled gamers and is just your average ransomware. https://t.co/RYJOxWc5mZ
— Fabian Wosar (@fwosar) February 9, 2021
This has been yet another in the series of unfortunate events for CD Projekt Red. Following the catastrophic launch of Cyberpunk 2077, lawsuits, and confusing media attention, the punches just keep coming. It is weird to see so much negative attention be brought to a developer once cherished for their openness, community, relationship with their fanbase, and stellar games. Cyberpunk 2077 is still being frequently updated with patches and hotfixes. Hopefully one of these days CD Projekt Red catches a break again.
Regardless, what are your thoughts on this information? Do you think CDPR made the right choice not negotiating? Let us know in the comments below.