Hacker Sets Alleged Auction for Witcher 3 Source Code

  • The ransomware gang behind the hack of CD Projekt Red may be asking for $1 million opening bids for the company’s valuable data.

    The ransomware gang behind an attack on videogame developer CD Projekt Red may have made good on its promise to auction off the company’s data – including source code for Cyberpunk 2077 and an unreleased version of the Witcher 3.

    Or it may not have.

    The Twitter account @vxunderground, which bills itself as “the largest collection of malware source code, samples and papers on the internet,” put out a notice on Wednesday that the purported stolen data was being put up for sale on the well-known Russian-language underground forum known as Exploit, and it provided alleged screenshots.

    “This is the source code to ‘Gwent’ card game,” according to the tweets. “Witcher 3, CyberPunk 2077, etc. is being auctioned currently on EXPLOIT forums…The ransomware authors said they will not be auctioning data anywhere else – any other place other than EXPLOIT is fake.”

    @vxunderground also said that the data had a starting bid of $1 million, but the entire cache could be purchased outright for $7 million.

    When asked to independently verify the claim, Austin Merritt, cyber-threat intelligence analyst at Digital Shadows, told Threatpost that the auction posting did indeed exist. An Exploit user named “redengine” created a thread in the auctions section of the site, entitled “Auction day for CD Projekt RED” when translated from the Russian.

    “The user claimed to have full source codes for multiple games like Thronebreaker, Cyberpunk 2077, Witcher 3 and the undeclared Witcher 3 RTX (a version of Witcher with raytracing),” Merritt said. “The user also claimed to have dumps of internal files and documents related to CD Projekt Red ‘offenses.’”

    As for price and timing, Merritt said that the poster set the auction to start Thursday, Feb. 11 at 13:00 Moscow time (5 a.m. ET), and that bidders would be required to make a 0.1 BTC deposit (around $44,900 at press time) to enter.

    “The user started the auction at $1 million, however, users have not yet expressed any interest in purchasing this data,” Merritt told Threatpost. “At the time of writing, there have been six replies to the original post. Users that have replied have largely questioned the legitimacy of the post, alleging that user ‘redengine’ does not have an established reputation on the forum.”

    Thus, it’s unclear if what the user is offering is genuine, or if the posting is from an opportunist trying to take advantage of the buzz around the stolen data that percolated up this week in media reports.

    Merritt gave Threatpost a screenshot of the alleged Gwent data files.

    CD Projekt Red has not responded to a request for comment or verification.

    CD Projekt Red Ransomware Attack

    The Warsaw-based videogame company tweeted out a notice on Tuesday, warning of “a targeted cyberattack in which some of our devices have become compromised.”

    The attackers – thought to be part of the “Hello Kitty” ransomware gang, as Threatpost previously reported – acknowledged that the ransomware itself would likely not be a problem for the company, which had backups in place to quickly remediate the attack. More concerningly, the attackers threatened to dump troves of stolen company data online – including video game source code.

    “We have encrypted all of your servers, but we realize that you can most probably recover from backups,” according to the ransom note shared by CD Projekt Red. However, “source codes will be sold or leaked on the net, and your documents will be sent to our contacts in gaming journalism.”

    It went on to say that not paying up would have an impact on the company’s public image, stock price and investor confidence (CD Projekt Red is traded in over-the-counter markets). The attackers also claimed that the data will expose how badly the company is run.

    Release of the source code would allow fans to create game hacks and carry out all kinds of “modding” (i.e., development of custom features) and jailbreaks, and would be a gift to competitors.
