Update: Corrected starting bid info. Original article follows:
Yesterday, news broke that hackers breached CyberPunk 2077 studio CD Project Red (CDPR). The hackers gave CDPR 48 hours to respond to their ransom demands, and it seems that time is already up. The group claiming to be behind the hack has now posted the source code of CD Projekt Red's 'Gwent' card game on a hacking forum and claim to be auctioning off the source code for Witcher 3 and CyberPunk 2077 on the EXPLOIT forums with a starting bid of $1 million, or the option to buy it upfront for $7 million.
The hackers claim to have also obtained source files for Cyberpunk 2077, Gwent, and an unreleased version (probably for next-gen consoles) of The Witcher 3.
This is the source code to 'Gwent' card game. Witcher 3, CyberPunk 2077, etc is being auctioned today on EXPLOIT forums at a starting bid of $1,000USD.The ransomware authors said they will not be auctioning data anywhere else - any other location other than EXPLOIT is fake.February 10, 2021
As spotted by vx-underground, a well-known entity in the data security space, the data is already up for auction with a few sample bits of code available on the Exploit forum. The starting bid was set at $1,000,000 for the full cache, but it's easy to imagine it will sell for a much higher price.
Meanwhile, the leaked Gwent files also appear to have made their way to a handful of other forums, including 4Chan, with the main download hosted on Mega. We found traces of the threads, but they have since already been removed and de-activated. As such, we are unable to confirm the validity of the leak.
Either way, it appears Mega, 4Chan, and other forums are actively working to ensure the Gwent code, which appears to be the first leak installment to take place, doesn't end up in too many public hands.
Releasing the ransomed data in separate stages is a standard method to threaten the target. In this case, the hackers are using the tactic to remind CD Project Red that they are serious about the ransom.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
However, it is important to note that, thus far, we have been unable to find the source files ourselves or confirm the original attack — all we have is CDPR's word about the attack, along with traces and screenshots of the data cache.CDPR has remained defiant in the face of the ransom demands, saying it won't cave into the demands.
Niels Broekhuijsen
Niels Broekhuijsen is a Contributing Writer for Tom's Hardware US. He reviews cases, water cooling and pc builds.
More about security software
Latest
16 CommentsComment from the forums
CerianK Almost 20 years ago, I was encouraged by a group to look into an individual that was making threats. It seemed an impossible task, but eventually I focused on some misspellings that seemed only possible from a good typist that has carpal-tunnel issues. I was able to match that information to posts in other forums, identify the person, where he lived, and even deduce his motive. I replied to the individual publicly, using his first name only, and all threats ceased thereafter.
Actually kind of thrilling... but not enough to make me quit my day job.
Reply
LolaGT The hackers behind the CDPR data breach are seemingly already auctioning the first bits of data off in an attempt to scare CDPR into paying the ransom.
Did they fix the bugs in CP 2077?
Reply
Makaveli CerianK said:
Almost 20 years ago, I was encouraged by a group to look into an individual that was making threats. It seemed an impossible task, but eventually I focused on some misspellings that seemed only possible from a good typist that has carpal-tunnel issues. I was able to match that information to posts in other forums, identify the person, where he lived, and even deduce his motive. I replied to the individual publicly, using his first name only, and all threats ceased thereafter.Actually kind of thrilling... but not enough to make me quit my day job.
Old school detective work there well done.
Sounds like something I would to.
Reply
spongiemaster The starting bid is not $1000, it's 1kk which is $1 million. "Buy Now" price is set at $7 million.
1359568916339646466View: https://twitter.com/vxunderground/status/1359568916339646466
Reply
jojoman99 Forgive my stupidity, but who would buy this? What would they do with it? I can see someone in a 3rd world country with almost no copyright laws(or China)but wouldn't it be simple to figure out someone was using this code for something else?
Reply
RareAir23 LolaGT said:
Did they fix the bugs in CP 2077?I would say some to a good deal of them have been fixed but they still have a ways to go. Thanks. Out!
Reply
digitalgriffin As usual the H@xORs are not that smart when it comes to greed. The only people who need game code that have that cash are competing studios and they wouldn't be caught dead with it as a simple reverse compile of any code would instantly reveal the stolen source
And you never ever give into hacker demands ever. It will not encouraged them to do more. And they were untrustworthy to begin with. So you can't take them at their word.
Reply
PapaCrazy Who would want to have gamers as their customer base? And at the same time, who wants to buy unfinished games released for the sake of investors? The entire community, market, culture... the whole thing is a bubbling toxic stew.
I won't call myself a gamer anymore. I associate the word "gamer" now with overpriced motherboards, tacky LEDs, bi-polar kids cussing at each over garbled mics, raging chauvinism, charlatan developers, and the kind of mentally imbalanced pettiness highlighted in this article.
Reply
PapaCrazy spongiemaster said:
The starting bid is not $1000, it's 1kk which is $1 million. "Buy Now" price is set at $7 million.1359568916339646466View: https://twitter.com/vxunderground/status/1359568916339646466
Screams "grounded in reality", doesn't it? I'll bet he's a minor.
Reply
LOL they are going to get anybody to buy that. Who would want that giant mess of bugs anyway
Reply
