CD Projekt Red source code reportedly sells for millions in dark Web auction
February 12, 2021
72         0

by admin


This bird has been hacked!
Enlarge / This bird has been hacked!

Earlier this week, CD Projekt Red announced that it had been hit with a ransomware attack that allegedly exposed the source code for games including Cyberpunk 2077, Gwent, and The Witcher 3. Now, security experts are reporting that the source code has been auctioned off on a dark Web forum, seemingly for millions of dollars.

VX Underground, which tracks ransomware and other malware attacks, noted on Wednesday that the ransomed source code had been posted on a dark Web forum known as EXPLOIT. The starting bid was reportedly $1 million, with a $500,000 bidding increment and $7 million “buy it now” price.

Cyber intelligence firm KELA confirmed the authenticity of that auction, telling The Verge that forum users needed to put up 0.1 BTC (roughly $4,700 as of this writing) to participate in the bidding as a sign that offers were legitimate. The sellers also reportedly provided file listings for Gwent and the Red Engine that underlies CDPR’s games as proof that the data was authentic.

While the auction was originally intended to run for 48 hours, by Thursday morning KELA and VX Underground were both reporting that it had been closed successfully. “An offer was received outside the forum that satisfied us,” the sellers wrote, according to the reports.

KELA threat intelligence analyst Victoria Kivilevich told IGN that the stolen data was sold in a single package. The sellers also reportedly threatened on separate dark Web forums that CDPR will now have “a lot of interest [sic] things on their accounts alive [sic]” if they didn’t close the auction by paying the ransom.

CDPR said on Monday that documents “relating to accounting, administration, legal, HR, investors relations, and more” were taken as part of the attack, adding that “we will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data.”

Security experts analyzing the ransom note shared by CDPR have identified a hacking group known as HelloKitty as the likely culprit in the ransomware attack. That same group was reportedly behind a ransomware attack on Brazilian power company CEMIGamong others, late last year.

The raw source code for a game, which is used to create the executable files distributed to players, is usually considered to be among a developer’s most valuable trade secrets. Back in 2003, the leak of source code for Valve’s then-unreleased Half-Life 2 led to the arrest of a German hacker. More recently, a large tranche of source code for classic Nintendo games was released online as part of a so-called “Gigaleak.”

Peter Groucutt, the managing director of IT protection service Databarracks, said this kind of “Double Extortion” ransomware attack (where data is stolen and also locked behind an encryption key) could be a growing threat to businesses with popular intellectual property. “Ransomware originally sought to simply paralyze a business [and] victims with robust backups could refuse to pay the ransom and restore their data from backups,” he said. “The difference between this attack and other Double Extortion attacks is the exfiltrated data was highly valuable IP. Even if you don’t pay up, criminals can still make a considerable amount of money by selling the IP. If these attacks prove successful, we may see a shift to targeting those organizations with the most valuable data.”

A recent report by cybersecurity analysis firm Coveware found that total ransomware attack payments dipped slightly in the fourth quarter of 2020, after rising steadily for years prior, as more companies refuse to pay. An increasing number of those attacks now include threats to leak data online, Coveware found, and hackers often release stolen data even if the desired ransom is paid.



subscribe for YouMedia Newsletter
0 comments

Leave a Reply

Your email address will not be published. Required fields are marked *

newsletter
subscribe for YouMedia Newsletter
LET'S HANG OUT ON SOCIAL