CD Projekt Red couldn’t stop the leak of the source code for Cyberpunk 2077, The Witcher 3, The Witcher 3 – Ray Tracing, and Gwent.
Reports from the dark web monitoring organization KELA affirm that the hacker group that hit CD Projekt earlier this week with a ransomware attack has sold the sensitive information following a satisfying offer, on the condition of no further distribution or selling.
Cybersecurity account vx-underground also described the alleged sale of the source code as a real transaction made in a dark web auction.
Cyber intelligence firm Kela told BleepingComputer that they believe the auction to be legitimate due to the directory listing and the demand to use a middle man to handle the sale.
“The seller is requiring buyers to use a guarantor and have a deposit – this user is new to the forum, but we think that maybe this is a known user that just created a new account in order to prevent them from being traced by researchers.”
“Additionally, the demand for using a middleman seems to be their way to ensure that there is no scam that will occur,” Kela threat intelligence analyst Victoria Kivilevich told BleepingComputer.
The identity of the attackers remains hidden. CD Projekt announced earlier this week that the ransomware attack was real, and the company also stated that the demands of the hackers will not be met. Reports from Fabian Wosar and other sources compare the ransom note revealed by CD Projekt with those from previous hacks.
The amount of people that are thinking this was done by a disgruntled gamer is laughable. Judging by the ransom note that was shared, this was done by a ransomware group we track as "HelloKitty". This has nothing to do with disgruntled gamers and is just your average ransomware. https://t.co/RYJOxWc5mZ
— Fabian Wosar (@fwosar) February 9, 2021
According to Wosar, this ransomware operation has been active since November 2020 and has targeted other large companies, such as the Brazilian power company CEMIG last year.
Bleeping Computer got access to a sample of the HelloKitty malware posted by a victim in their forums in November 2020. The group allegedly plants a malware called ‘HelloKittyMutex’. Once the executable is launched, the program repeatedly runs taskkill.exe to terminate all processes associated with security software, email servers, database servers, backup software, and accounting software.
The HelloKitty executable is said to be customized with a ransom note. As reported by Bleeping Computer, the hackers use ‘read_me:unlock.txt’ for their ransom notes. The same name was revealed by CD Projekt.
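The repeated taskkill.exe launches described above are something defenders can hunt for in process-creation telemetry. The sketch below is an added example, not code from this article or from Bleeping Computer: it flags any parent process that kills many distinct images within a short window. The event field names, the thresholds, and every sample record are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed tuning value, not from the article
MIN_TARGETS = 5                 # assumed: distinct images killed by one parent
IM_RE = re.compile(r'/im\s+"?([^\s"]+)', re.IGNORECASE)
TASKKILL = r"C:\Windows\System32\taskkill.exe"

def _ev(ts, ppid, parent, args):
    """Build one constructed process-creation record (Sysmon Event ID 1 style)."""
    return {"time": datetime.fromisoformat(ts), "parent_pid": ppid,
            "parent_image": parent, "image": TASKKILL,
            "cmdline": f"taskkill.exe {args}"}

# Constructed sample data: PIDs, paths and target image names are made up.
SAMPLE_EVENTS = [
    _ev("2021-02-09T10:00:00", 900, r"C:\Windows\System32\cmd.exe", "/f /im notepad.exe"),
    _ev("2021-02-09T10:05:01", 4120, r"C:\Users\Public\sample.exe", "/f /im sqlservr.exe"),
    _ev("2021-02-09T10:05:02", 4120, r"C:\Users\Public\sample.exe", "/f /im backupagent.exe"),
    _ev("2021-02-09T10:05:03", 4120, r"C:\Users\Public\sample.exe", "/f /im mailserver.exe"),
    _ev("2021-02-09T10:05:04", 4120, r"C:\Users\Public\sample.exe", "/f /im avservice.exe"),
    _ev("2021-02-09T10:05:05", 4120, r"C:\Users\Public\sample.exe", "/F /IM ledger.exe"),
    _ev("2021-02-09T10:30:00", 900, r"C:\Windows\System32\cmd.exe", "/f /im notepad.exe"),
]

def find_taskkill_bursts(events, window=WINDOW, min_targets=MIN_TARGETS):
    """Return {parent_pid: alert} for parents that kill many distinct images fast."""
    recent = defaultdict(deque)   # parent_pid -> (time, target) inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if not ev["image"].lower().endswith("\\taskkill.exe"):
            continue
        queue = recent[ev["parent_pid"]]
        for target in IM_RE.findall(ev["cmdline"]):
            queue.append((ev["time"], target.lower()))
        while queue and ev["time"] - queue[0][0] > window:
            queue.popleft()       # drop kills that fell out of the window
        distinct = {target for _, target in queue}
        if len(distinct) >= min_targets:
            alert = alerts.setdefault(ev["parent_pid"], {
                "parent_image": ev["parent_image"],
                "alert_time": ev["time"], "targets": set()})
            alert["targets"] |= distinct
    return alerts

if __name__ == "__main__":
    for pid, alert in find_taskkill_bursts(SAMPLE_EVENTS).items():
        print(pid, alert["parent_image"], sorted(alert["targets"]))
```

Keying on the parent process rather than on taskkill.exe itself keeps an administrator's occasional single kill from raising the same alert as a burst.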
It’s uncertain how the leak will affect Cyberpunk 2077 and The Witcher 3. There are also worries from investors about what could be revealed from internal documents from the company.