Award-winning game studio hit by ransomware and threatened with data leak

In early February, CD Projekt Red, the game studio behind popular games like The Witcher series and Cyberpunk 2077, was hit by ransomware accompanied by a threat to leak data. Apart from slowing down business operations, the hackers threatened the company with leaking sensitive data on the Internet. The hackers claim to have stolen source code, data related to yet-to-be-released products, and sensitive business documents. Evidence does not suggest a compromise of personal data belonging to employees, but employees are advised to be cautious. The company decided not to give in to the blackmail and shared the details, including the ransom note, on its social media account.

Image 1. Ransom note as shared by CD Projekt Red on their social media account.


The ransomware was traced to a group known as HelloKitty. HelloKitty is a well-known group that usually focuses on high-value targets, such as healthcare organizations and industrial sites. Their previous victim was CEMIG, a Brazilian power company responsible for 12% of the national power distribution. The attack caused downtime of its website and all customer portals, with 4 days of restoration efforts needed.

Ransomware to Ransomware and Data Leak Threats

When hit by ransomware, time is of the essence. It is important to stop the spread of the malware within the network to prevent further damage while trying to recover already encrypted data.


LIFARS provides 24×7 ransomware removal with a dedicated research lab to reverse engineer and find weaknesses even in the most advanced ransomware samples.


HelloKitty ransomware also tries to kill other running processes, including backup software, monitoring & control software, and accounting software. This may cause further damage to compromised industrial sites.
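Defenders can treat that behavior as a detection signal. The following is an added example, not code from this article or from any HelloKitty analysis: it scans process-exit events for several distinct watched processes stopping on one host within a short window. The process names, host names, event format and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical watchlist: placeholder names, not taken from the article or a
# HelloKitty sample. Replace with the software inventory of your own estate.
WATCHLIST = {
    "backup-agent.exe": "backup",
    "backup-scheduler.exe": "backup",
    "scada-hmi.exe": "monitoring",
    "historian.exe": "monitoring",
    "ledger-svc.exe": "accounting",
}

# Constructed process-exit events: (ISO timestamp, host, image name).
SAMPLE_EVENTS = [
    ("2021-01-01T03:10:00", "ws-017", "backup-agent.exe"),  # lone restart
    ("2021-01-01T03:40:00", "ws-017", "notepad.exe"),
    ("2021-01-01T04:00:01", "srv-ot-02", "backup-agent.exe"),
    ("2021-01-01T04:00:03", "srv-ot-02", "historian.exe"),
    ("2021-01-01T04:00:04", "srv-ot-02", "notepad.exe"),
    ("2021-01-01T04:00:09", "srv-ot-02", "ledger-svc.exe"),
    ("2021-01-01T04:00:12", "srv-ot-02", "scada-hmi.exe"),
]

def find_kill_bursts(events, window_s=60, min_hits=3):
    """Alert once per host when at least min_hits distinct watched processes
    exit within window_s seconds of each other."""
    parsed = sorted((datetime.fromisoformat(ts), host, image.lower())
                    for ts, host, image in events)
    recent = defaultdict(deque)  # host -> recent (time, image) exits
    alerted, alerts = set(), []
    for t, host, image in parsed:
        if image not in WATCHLIST or host in alerted:
            continue
        q = recent[host]
        q.append((t, image))
        # Drop exits that fell out of the sliding window.
        while (t - q[0][0]).total_seconds() > window_s:
            q.popleft()
        distinct = {name for _, name in q}
        if len(distinct) >= min_hits:
            alerted.add(host)
            alerts.append({
                "host": host,
                "first_seen": q[0][0].isoformat(),
                "processes": sorted(distinct),
                "categories": sorted({WATCHLIST[n] for n in distinct}),
            })
    return alerts
```

A single backup agent restarting does not alert; the burst on the second host does, which keeps the rule quiet during routine maintenance.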

The recent incident reaffirms that simply having a resilient backup solution is not enough. Ransomware operators are stealing data more often than ever before to sell it on the black market. In addition, they use the data to further extort their victims. Apart from backing up data, companies should deploy an enterprise-grade security solution on their workstations. They should also protect systems within their network from outside attacks and use 2FA for sensitive and privileged accounts.

With threat actors using more advanced techniques and behaving more aggressively, companies should try to improve their security and monitoring capabilities. With the average cost of an incident in the millions of US dollars, the benefits outweigh the costs.