The hacking into the CD Projekt Red database is still a hot topic. Cybercriminals allegedly sold stolen source codes for the games of the Polish studio, but experts’ opinions shed new light on the whole case.
The hacking attack on CD Projekt Red is an unprecedented event, there is no doubt about it. The reaction of the Polish studio is considered to be an example of the right approach in crisis situations.
Let us remind you that the CD Projekt capital group did not bow to the threat of blackmail from criminals. The hackers demanded a ransom for the stolen data, adding that if they were not contacted within 48 hours, the source codes for Gwent, The Witcher 3, and Cyberpunk 2077 would be auctioned or released online.
The Polish studio did not give in to pressure. It reported the matter to the relevant authorities and published an explanatory statement and a message left by the hackers on its social media.
Thus, they showed that they had no intention of interacting with the criminals and were not interested in any settlement.
As it turned out, however, the criminals did not throw their words to the wind, and actually shared the source code of Gwent on at least 2 hacking forums. The case was quickly publicized thanks to the cybernews.com portal.
However, that’s not all, because, as announced by cybercriminals, a package of Cyberpunk 2077, The Witcher 3, the new next-gen version of The Witcher 3 with ray-tracing technology and The Witcher Tales has been put up for auction.
Stolen documents concerning investor agreements, legal and accounting agreements were also to be put up for sale. The starting price was to be around $1 million.
It didn’t take long to finalize the purchase of the data package. The darknet monitoring organization KELA reported that just 1 day after the start of the auction, it ended.
Hackers announced that they had accepted an offer that came out of the forum. Apparently, the buyer offered $7 million without revealing his identity, and a prerequisite for the purchase was a ban on re-sale and dissemination of data.
Here, too, it is worth asking a question mark and considering whether the auction itself actually happened. More and more experts are starting to question CD Projekt’s data sales for $ 7 million, or even $ 1 million. An interesting theory was presented by the Emisoft website dealing with cybersecurity on the Internet.
There is also another, in our opinion, more plausible scenario: no buyer exists, and the end of the auction is only evidence of an attempt to save face by criminals who failed in an attempt to monetize the CD Projekt attack after the studio refused to pay the ransom.emitoft blog
The editor of the Spidersweb portal also made an interesting observation. It turns out that the average ransom price for stolen digital data ranges from $20,000 to $40,000. This price differs significantly from the hackers’ calculations and there is a real chance that no one wanted to purchase the data of the Polish studio for such enormous money.