Cyberpunk 2077 patch delayed as CDPR employees cannot use their PCs


CDPR has already announced that the upcoming major February patch for Cyberpunk 2077 would be delayed for several weeks because of the ransomware attack the company suffered, but it gave no clear reason why. Cynics may have wondered whether this delay had anything to do with the hack itself. Gabe Newell once delayed Half-Life 2 for a year after a hacker stole the source code, but later admitted to using the hack as an excuse for a delay he would have had to announce anyway.

The good news is that CD Projekt Red doesn’t seem to be doing anything so cynical. The bad news, according to Bloomberg, is that the company’s developers are still unable to access their own workstations because of the ransomware attack. CDPR’s VPN (virtual private network) has remained inaccessible for more than two weeks after the attack.

CD Projekt Red has refused to pay the ransom demands, but has apparently not found an alternative solution to its problem. We are not suggesting that the company should automatically pay the hackers. In any case, paying these people off could prove that there is a viable market in holding game developers hostage, especially if the attackers could time it right before a game was supposed to go gold.

The Bloomberg report also sheds light on the effect the hack had on CDPR’s developers. Staff members have been advised to block all their accounts and report the possibility of identity theft to the relevant authorities, based on the belief that hackers may have had access to this information. In addition, they were asked to send their computers to the company’s IT staff to be scanned for possible malware and security breaches.

This is not a good sign

This report, if correct, implies that CD Projekt Red is in worse shape than it has suggested. Staffers were reportedly told that the attackers “may” have had access to their personally identifiable information. This, coupled with the bit about sending in their own systems, could mean that CDPR has not yet identified the attack vector or exactly what data was stolen.

CDPR hack statement.

CDPR’s first announcement of the hack noted that the company had engaged the services of forensic IT specialists. The vast majority of forensic specialists can also help a company get back online after an attack like this, including restoring employee access to critical back-end systems like the corporate VPN. If they have not yet done so, it implies a further difficulty in the investigation.

Even if CDPR had backups, there is no guarantee that those backups weren’t encrypted as well. The company’s offsite or protected backups, if any, may be stale or otherwise incomplete. Ransomware attacks can be notoriously difficult to defend against without a robust backup strategy. I hope the holdup is due to the investigation, not a lack of good backups. If CDPR cannot decrypt its volumes, it has no choice but to pay the ransom or restart work from whatever it can put together.
