CD Projekt hit by ransomware attack, refuses to pay ransom

Polish video game maker CD Projekt, which makes Cyberpunk 2077 and The Witcher, has confirmed it was hit by a ransomware attack.

In a statement posted to its Twitter account, the company said it will “not give in nor negotiate” with the hackers, saying it has backups in place. “We have already secured our IT infrastructure and begun restoring data,” the company said.

According to the ransom note, the hackers said they would release the company’s stolen source code and other internal files if it did not pay the ransom, since the company would “most likely recover from backups.”

But the company said for now that no personal data was taken. “We are still investigating the incident, however at this time we can confirm that — to our best knowledge — the compromised systems did not contain any personal data of our players or users of our services.”

It’s an increasingly hostile tactic used by ransomware actors: Hackers target high-value businesses and companies with file-encrypting malware and hold the files for a ransom. But since many companies have backups, some ransomware groups threaten to publish the stolen files unless the ransom is paid.

CD Projekt Red did not immediately respond to TechCrunch’s questions, including what kind of ransomware was used to attack its systems.

It’s thought to be the second time in recent years that the company has been hit by ransomware. The game maker confirmed in 2017 that a hack resulted in the compromising of early work related to the Cyberpunk 2077. Weeks following the game’s launch Sony and Microsoft offered gamers refunds, citing bugs and poor performance on older consoles.