Stolen CD Projekt Red Files Now Sold After Dark Web Auction

Files stolen from CD Projekt Red in a ransomware attack revealed earlier this week have reportedly now been sold in a dark web auction. Dark web monitoring organisation KELA (which previously provided The Verge with what it believes to be legitimate file lists from CD Projekt's Red Engine) reports that an auction set up to sell the files has now been closed after a satisfying offer was made from outside of the forum it was being held on. That offer reportedly stipulates that the code will not be distrubuted or sold further. Cybersecurity account vx-underground also reported that it had heard the sale was completed.

Victoria Kivilevich, a threat intelligence analyst at KELA explained that it appears all of the files stolen, which apparently include source code for Cyberpunk 2077, multiple versions of The Witcher 3, and Gwent were sold in a single package. It's unclear who the buyer is, or what they intend to do with the files at time of writing.

It's also unclear what price the files were sold for, but reports yesterday indicated an upfront purchase price of $7 million. Kivilevich provided IGN with a translated screenshot of the forum, dated February 10, in which the seller said CD Projekt should pay the 'blitz (upfront purchase fee) because of sensitive data contained in the files. Of course, right now, we can't verify whether that is true. CD Projekt publicly said that it would not pay the ranso

According to a report aided by KELA yesterday, The Verge explained that the auction required a deposit to enter (intended to show potential buyers that this wasn't a scam auction), with bids starting at $1,000,000, moving up in $500,000 increments. Vx-underground also reported that source code (or at least fragments of source code) for Gwent had been released, which could have been another showing of proof that the files were in hand before the auction.

While still unconfirmed, multiple cybersecurity experts have pointed to the ransomware attack coming from a group called HelloKitty, based on the title and contents of the ransom note posted by CD Projekt following the hack.

6 views0 comments

Recent Posts

See All