



Files stolen from CD Projekt have reportedly been purchased at an online auction, and the GWENT source code has reportedly leaked.

As previously reported, CD Projekt has announced that it is the victim of a ransomware attack. This was the third such case involving a video game company in four months.

The hackers collected data, encrypted the systems, and left a ransom note. They said they would sell the source code for Cyberpunk 2077, GWENT: The Witcher Card Game, The Witcher 3: Wild Hunt, and an unreleased version of the latter unless their demands were met within 48 hours. They also threatened to hand over administrative documents to journalists.

CD Projekt has begun working with authorities, saying it will not comply with the demands, even if that leads to the release of the data. The darknet intelligence group KELA has now posted screenshots from the forums, in which the hackers allegedly auctioned off the Red Engine and the source code.

The post by KELA was made on February 11th (the purchase may have been earlier), but vx-underground posted on February 10th that the GWENT source code had leaked online. This could prove the legitimacy of the remaining files. Vx-underground describes itself as “the largest collection of malware source code, samples, and treatises on the Internet.”

Vx-underground also claims that the hackers mistakenly set the opening bid at $1,000 on the EXPLOIT forum, which was later revised to $1 million. Users can raise their bids in minimum increments of $500,000 or buy immediately for $7 million.

KELA’s post states (translated from Russian): “Outside the forum, we received an offer to satisfy us. In this regard, further on non-distributive terms, they were forced to withdraw the lot from sale,” as indicated by vx-underground. The post also showed the auction start time in Moscow Time (MSK).

The unreleased build of The Witcher 3 was called “The Witcher 3 RTX” and reportedly features ray tracing. The auction post also mentions selling the internal documents, rather than giving them to journalists, along with “CD Projekt Red Crime.”

Cybernews reports that the GWENT source code was leaked on a “popular hacking forum” on February 10th. They state that the files behind the database links (such as Mega) were deleted, and that the users who posted on the forum had experience with and knowledge of ransomware. Those users may have shared the information.

Ransomware expert Luca Mella told Cybernews that the hackers may be associated with the hacker group “Hello Kitty,” based on ransom notes and the Emsisoft Intelligence KB.

“This could mean that the group is very new and has the potential to grow rapidly after the compromise of such high value victims. After this, many other young affiliates are in the business. You may participate. CD Projekt is very popular and is widely discussed among the underground and gaming communities.”

Mella also said that the leaked data has spread to other forums and that some of the data has been distributed or sold elsewhere. Another “threat actor” was also reported to have claimed that the source code leak mentioned above meant that those who wanted to take part in the first auction would need to deposit 0.1 Bitcoin (estimated at US$4,500) to participate.

This situation can be compared to the Capcom Ragnar Locker ransomware hack and subsequent leaks [1, 2] of November 2020, which included information about upcoming games (some of which seems to have come true) and politically correct business strategies.

Hackers also obtained personal information about employees, as well as personal information about 350,000 customers and business partners (none of which is credit card information).

The Koei Tecmo Europe forum was also hacked in late December 2020. The hackers reportedly demanded Bitcoin and claimed that Koei Tecmo’s digital security was inadequate and that the company had not complied with GDPR guidelines because it did not immediately notify users of the hack.

Image: GWENT: The Witcher Card Game via Steam

