Expert Commentary on the CD Projekt Ransomware Attack

Today, Polish video game developer CD Projekt disclosed suffering from what appears to be a ransomware attack. While it stated that service user and player data remained unaffected, the cyber-attack did gain access to internal systems and encrypt devices. Also, it collected certain data.” In fact, ransomware perpetrators sent a message to CD Projekt, threatening to release the source code behind several of their intellectual properties, as well as HR and financial documents, if the company refused to pay them.  

Thankfully, CD Projekt’s backups remain intact and uninfected, and they stated their refusal to pay the ransom. The game developer informed authorities and continues to work to restore their IT environment. 

CD Projekt’s ransomware attack demonstrates many of the major challenges in facing cyber-attacks in the modern era. To learn more, we consulted with some cybersecurity experts. Here’s what they had to say. 

Expert Commentary on the CD Projekt Ransomware Attack

Chris Clements

Chris Clements is VP of Solutions Architecture at Cerberus Sentinel.

“High profile organizations like CD Project Red are targets of disproportionate attacks both due to their notoriety and the fact that their presence in the news gives attackers more ammunition to craft compelling phishing lures for social engineering attacks.  In this case, it does appear that CD Project Red has handled the situation particularly well by proactively coming forward to announce the breach and to control the news narrative.  It’s encouraging that they have reported that no customer data was accessed during the breach, however, if the attackers were able to exfiltrate source code for the popular Cyberpunk 2077 and Witcher games it could lead to more targeted exploit development aimed at a widespread player base.  The decision to refuse to pay the attacker’s ransom demand is the right one here.  With intact backups, CDPR should be able to make a complete recovery, and if game code were stolen, there is no way to verify that the cyber-criminals would not try to sell it anyway.”

Javvad Malik

Javvad Malik is Security Awareness Advocate at KnowBe4.

“We’ve seen ransomware evolve, not only is it enough for criminals to encrypt data, but they will spend time within the victim’s organization, stealing valuable data, working out which data is worth encrypting, and how much they should set the ransom at.

In many cases, these criminals go undetected in victim organizations for many months at a time.

So, it’s important that organizations have the right controls in place to prevent these attacks from being successful in the first place and have some form of monitoring and threat detection in place to see when they have been breached and to respond quickly.

The ransom demands are interesting because the criminals know that the organization can likely recover from backups. In this case, the ransomware itself isn’t the issue – it’s more of a statement to signal that they have breached the organization. The fact that the ransom note was addressed to them shows it was a targeted attack.

While ransomware itself can cause issues and not everything may be backed up. The real demand for payment is in exchange for the criminals not leaking the information they’ve stolen. However, the issue with this approach is that even if the victim pays the money, there is no way to guarantee the criminals will actually delete the data.”

Thanks to these experts for their time and expertise. For more information, be sure to check out our Endpoint Security Buyer’s Guide.