CD Projekt, the Polish video game company behind The Witcher series, Cyberpunk 2077 and digital distribution service GOG, today revealed that it had been the target of a cyberattack.
An unauthorized third party had gained access to the company's internal network, encrypted its servers, "collected certain data belonging to CD PROJEKT capital group", and left a ransom note. CD Projekt also shared the ransom note left by the attackers, which threatens to leak or sell the source code from the company's games - released and unreleased projects - as well as its documents that are seemingly related to "accounting, administration, legal, HR, investor relations, and more". The full ransom note can be seen below.
Backups of the encrypted devices are intact according to the company, and it has already begun restoring the data after securing the IT infrastructure.
"We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data," added CD Projekt. "We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach."
CD Projekt stated that according to investigations done so far regarding the attack, personal data of its players had not been compromised, and that it is closely cooperating with law enforcement, president of the Personal Data Protection Office, and IT forensic specialists to fully investigate the attack.