CD Projekt Red, a Polish game developer, is currently refusing to pay ransom demands after being targeted by cybercriminals.
Indeed, the company experienced a cyberattack on February 8, which led to the encryption of some of its systems and a claim by the attackers to have exfiltrated its source code and other data.
It was reported that an unidentified actor gained unauthorized access to the internal network, collected some data belonging to the CD Projekt capital group, before asking for a ransom. The attackers are claiming to have gained access to source codes as well as accounting, administrative, legal, human resources, and investor relations documents.
If the company continues to refuse to pay the ransom, the attackers threaten to sell or leak online its source codes and documents.
However, CD Projekt has declared that its backups remain intact and that their IT infrastructure is secure and is starting to restore the data. The company is currently working to mitigate the consequences of the possible release, as they don’t wish to give in to the ransom demands. They are also working with law enforcement, forensic cybersecurity investigators, and the Polish data protection regulators.
It was hinted that the attack was led on the company’s software development process, allowing the hackers to get in. Having more secure software supply chains has become a priority for organizations ever since the SolarWinds attacks in 2020, especially when code is the company’s product.