Stolen CD Projekt Red Files reportedly now being sold after Dark Web Auction

Files stolen from CD Projekt Red during a ransomware attack revealed earlier this week have now reportedly been sold during a dark web auction Dark web monitoring organization KELA (which previously provided The Verge with what it claims are legitimate file lists from CD Projekt’s Red Engine ) reports that an auction set up to sell the stocks has now closed after a “satisfactory offer” was made from outside the forum on which it was held. That offer reportedly stipulates that the code will not be further distributed or sold. Cybersecurity account vx-underground also reported hearing that the sale had been completed.

Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfactory offer has been received from outside the forum, provided there is no further distribution or sale. pic.twitter.com/4Z2zoZlkV6

– KELA (ntIntel_by_KELA) February 11, 2021

Have you played Cyberpunk 2077?

Victoria Kivilevich, a threat intelligence analyst at KELA, told IGN that it appears that all the stolen files – which apparently contain the source code for Cyberpunk 2077, multiple versions of The Witcher 3 and Gwent – were sold in one package. It is unclear who the buyer is or what they intend to do with the files at the time of writing.

It’s also unclear at what price the files were sold, but reports from yesterday indicated a purchase price of $ 7 million. Kivilevich provided IGN with a translated screenshot of the forum, dated Feb. 10, in which the seller said CD Projekt would have to pay the ‘blitz’ (prepayment) because of sensitive data in the files. At this point, of course, we cannot verify if that’s true. CD Projekt publicly said it would not pay the ransom.

A reported screenshot of the now closed auction thread.

In a report backed by KELA yesterday, The Verge explained that the auction required a deposit to participate (intended to show potential buyers that this was not a scam auction), with bids starting at $ 1,000,000, increasing in increments of $ 500,000. Vx-underground also reported that the source code (or at least fragments of the source code) had been released for Gwent, which could be another proof that the files were in the hands of auction.

While still unconfirmed, multiple cybersecurity experts have pointed to the ransomware attack coming from a group called HelloKitty, based on the title and content of the ransom note posted by CD Projekt after the hack.

The number of people who think this was done by a disgruntled gamer is laughable. Judging by the ransom note that was shared, this was done by a ransomware group we track as “HelloKitty”. This has nothing to do with disgruntled gamers and is just your average ransomware. https://t.co/RYJOxWc5mZ

– Fabian Wosar (@fwosar) February 9, 2021

IGN has contacted CD Projekt for comment.

Joe Skrebels is IGN’s Executive Editor of News. follow him Twitter. Do you have a tip for us? Discuss a possible story? Send an email to [email protected].

Source

Share this:
Click to share on Twitter (Opens in new window)
Click to share on Facebook (Opens in new window)
Click to share on LinkedIn (Opens in new window)
Click to share on Pinterest (Opens in new window)
Click to share on WhatsApp (Opens in new window)

Related