Ransomware hack on CD Projekt Red

CD Projekt Red announced in early February that hackers had gained access to its internal network, scrambled a number of its data servers and stolen source code for multiple games including Cyberpunk 2077 in an attempt to blackmail the company.  Thank goodness our Grande Vegas online casino is hacker-proof!!!

Polish gaming company CD Projekt Red posted a copy of the ransom note but said it would not negotiate with the hackers. The note said that the hackers had copied code from games including Gwent, Witcher 3 and Cyberpunk 2077

The note warned, “We have also dumped all of your documents relating to accounting, administration legal, HR, investor relations and more! If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism.” The note indicated that the company had 48 hours to negotiate.

  • The term "dumping" refers to copying the data to an external source.
  • A source code is a computer program’s human-readable version which is what is later transformed for use – it’s release could make it easier for someone to reveal development secrets, publish their own altered version or write a hack for the title.

CD Projekt issued a statement saying that it has begun restoring the data from the back ups as it secures its IT infrastructure. A company spokesman insisted that the firm would not negotiate with the hacker.

Cyberpunk 2077 has seen more than its share if difficulties. Its release has been delayed several times and there are glitches in the gameplay.

The ransomware attack on CD Projekt Red is the latest in a long string of attacks on gaming developers with Ubisoft and Capcom  being targeted as well. CD Projekt has involved the police and an investigation is underway.

Lucrative Pursuit

Online gamers have more on their plates than outplaying their opponents.  They must also outsmart hackers who are everywhere. A recent study found that the gaming community is overwhelmingly worried about security. Most gamers report that they have experienced multiple cyberattacks.  Gamers aren’t necessarily more susceptible to hackers than other Internet users but a hacker can cause major damage to someone like a gamer who spends a dozen hours a day or more online.

Gamers may not be any more susceptible to hackers than other people but hackers target gamers. It can be very lucrative to hack into a gamer’s account and hackers are prepared to try anything to achieve their goal.

Ransomware is only one method that hackers use but hackers find it to be one of the best. Once a hacker successfully infiltrates a device the machine becomes infected and the hacker can locate saved files and games in order to encrypt them.

The hacker then contacts the device owner and demands a ransom  to unlocked those encrypted files. Today, the Teslacrypt malware targeting dozens of the most popular games is being used against games such as World of Tanks, Minecraft, World of Warcraft and Call of Duty.

Cybersleuths believe that the malware uses a file on a Wordpress website that the malware creates have managed to compromise and then abuses a Flash loophole which, in turn, infects the visitors.

The malware then looks for file extensions, particularly files associated with online streaming services and popular video games. That tells the hacker that he’s found a gamer and he can proceed to hold gamers’ profiles, saved and modified versions of the game, maps, etc.

Once a hacker get access to a device it’s almost impossible to outwit the malware. Some players try to uninstall a game but, even after re-installing a game, it’s generally not possible to restore the data. The malware triggers a window that pops up on the user’s device telling him that he has a few days to pay – usually $500 in Bitcoin or $1000 for a MyCash Paypal Card – to retrieve the data. Payment details are to be sent to the anonymous Tor browsing network.


How do hackers benefit by targeting video games and players? There are several ways that a hacker can gain.

  1. InGame commodities – most games have an in-game economy. The money earned in-game isn’t real-world money but it’s valuable to players. Finding an account with a large amount of in-game currency or in-game virtual wealth of the player’s character makes that account valuable to the hacker.

    Distribution platforms such as GOG Galaxy, Origin and Steam publish, sell and authenticate many games and often, a player will manage all or most of his games through one account. Some players manage dozens or hundreds of games on their account, giving the hacker access to a wealth of virtual cash and items. A hacker can steal an entire account, not just one game, to make it even more expensive to ransom.

  2. As with other types of hacks, the hacker wants to access as much data as possible which allows him to enter multiple streams of the gamer’s online persona. A lot of data can be obtained from a player’s online gaming account including the player’s media engagement, location, phone calls, financial data and more.

Stay Safe

Experts remind all Internet users that weak authentication offers hackers easy access to your account. This is especially true for players who are managing accounts for single-player games, multiplayer online games distribution platforms, social media and social features, publishers, etc.

In some games, an attacker can find a gamer’s username simply by seeing the name in-game via another player. You should have a password manager and have a unique, letter+symbol+number password for each game, each platform and each account.  Wherever the platform/game gives you an option for 2-factor authentication, take it. That’s just one more hurdle that the hacker has to cross before he gets access to your data.

Stay on top of the danger of phishing campaigns. Today such campaigns go well beyond the typical fraudulent emails that were once the standard of hackers who were trying to get users to submit their log-in credentials where the hacker could pick them up. Today, phishers have many new tricks including sending malicious links via chats, posing as friends or fans, etc. Since gamers don’t really know who all their fans are, but they want to maintain a good relationship with their community, they can be vulnerable to attacks from someone posing as a follower.

Phishing methods are often the conduit for vectors that spread malware. Chats can be the channel for sending links to drive-by malware downloads, fake authentication pages and so on. The main thing here is to remember that a genuine email from a genuine game provider will never ask for your personal information or login details. (beware of any emails that ask you to “please confirm your account by clicking on a specific link). If you have any questions about whether an email is genuine, contact the company’s support line.

Gamers must also be aware of security flows in websites and games. It’s rare but it does happen where a genuine log in request is redirected to a compromised subdomain where the user’s login credentials are submitted, giving the attacker all the information that he needs to hack the player’s account. To protect against such malware, it’s essential to have a good antivirus. Today there are antiviruses that have a “game mode” which is specifically geared for gamers.

Finally, it’s a good idea to check to see that your gaming provider has backend security to protect user accounts - just like the protection on Grande Vegas online casino.

Back to Overview Separator
SIGN UP Play Now