CDPR has already announced that its next major February patch for Cyberpunk 2077 would be delayed a few weeks as a result of the ransomware attack that the company suffered, but did not give a firm reason why. Cynics may have wondered if this delay had anything to do with the hack itself. Gabe Newell once delayed Half-Life 2 by a year after a hacker stole the source code, only to admit later that he used the hack as an excuse for the delay he would have to advertise anyway.
The good news is that CD Projekt Red doesn’t seem to be doing anything so cynical. The bad news, according to Bloomberg, is that the company’s developers are still stuck on their own workstations due to the ransomware attack. CDPR’s virtual private network (VPN) remains inaccessible more than two weeks after the attack.
CD Projekt Red refused to pay the ransom demands, but apparently did not find an alternative solution to its problem. We are not suggesting that the company should automatically pay hackers. At the very least, paying these people can demonstrate a viable market for holding the game developer hostage, especially if attackers could withdraw it just before the game turns gold.
The Bloomberg report also clarifies the effect the hack has had on CDPR developers. Employees were advised to freeze all their accounts and report the potential for identity theft to the appropriate authorities, based on the idea that hackers may have had access to that information. In addition, they were asked to send their computers to the company’s IT staff to be scanned for potential malware and security breaches.
This is not a good sign
This report, if necessary, implies that CD Projekt Red is in worse shape than it looks. Employees were informed that the attackers “may” have accessed their personally identifiable information. This, combined with the part about sending their own systems, may mean that the CDPR has not yet identified the attack vector or the exact stolen data.
CDPR hack statement.
CDPR’s initial hack announcement noted that the company hired the services of IT forensic specialists. The vast majority of forensic experts can also help a company go back online after a security breach like this, including restoring employee access to essential back-end systems like the corporate VPN. If you have not yet installed and functioning it, this implies some other difficulty with the investigation.
Even if CDPR had backups, there is no guarantee that those backups were also not encrypted. The company’s external or protected backups, if any, may be old or incomplete. Ransomware attacks can be notoriously difficult to defend without a robust backup strategy. We expect the delay to be due to an investigative block, rather than a lack of adequate backups. If CDPR is unable to decrypt your volumes, it will have no choice but to pay the ransom or restart work on everything it can gather.
Now read: