CD Projekt’s Source Code was allegedly sold by a Ransomware Gang.
Last Thursday, CD Projekt Red released an official statement saying that their source code had been stolen and sold without their consent. The code is used for popular games like CyberPunk 2077, Gwent, and The Witcher 3. It also included “dumps of internal documents” and “CD Projekt RED offenses.”
They left ransom notes (below) on the encrypted systems, informing CD Projekt Red that they had also stolen administration, accounting, human resources, and investor relations documents before deploying the ransomware.
After CD Projekt announced that they would not be paying the ransom, a threat actor named ‘redengine’ created an auction for the stolen data on a hacker forum.
The auction initially started at 1 million dollars for the source codes, and it was eventually sold to an anonymous user “outside of the forum.”
Some speculate that it was CDProjektRed themselves who bought it, considering that there were no more auctions following the sale.
Other people noted that stealing the source code is generally useless because no one can benefit from it, and that if they were found they would eventually go to jail. The entire endeavor was essentially a needless risk for everyone.
At this point, we don’t know, and may never know, who bought and stole the code from CDProjektRed––or why.