Stolen CD Projekt Red files supposedly now sold after dark web auction

The files stolen from CD Projekt Red in a ransomware attack revealed earlier this week have now been sold at a dark web auction. Dark web monitoring organization KELA (which previously supplied The Verge with what it believes to be legitimate file lists from CD Projekt’s Red Engine) reports that an organized auction to sell the files was closed after a “satisfactory offer” was made from outside the forum where it was being held. This offer stipulates that the code will not be distributed or sold later. Cybersecurity account vx-underground also reported that it had heard that the sale was completed.

Speaking to IGN, Victoria Kivilevich, a KELA threat intelligence analyst, explained that it appears that all the stolen files – which apparently include the source code for Cyberpunk 2077, several versions of The Witcher 3 and Gwent – were sold in one package. It is not clear who the buyer is or what they intend to do with the files at the time of writing.

It is also unclear at what price the files were sold, but reports yesterday indicated an initial purchase price of $7 million. Kivilevich provided IGN with a translated screenshot of the forum, dated February 10, in which the seller said that CD Projekt should pay the ‘blitz’ (initial purchase fee) because of the confidential data contained in the files. Of course, we cannot currently verify that this is true. CD Projekt said publicly that it would not pay the ransom.

A reported screenshot of the auction topic now closed.


In a KELA-assisted report yesterday, The Verge explained that the auction required a deposit to enter (intended to show potential buyers that it was not a fraudulent auction), with bids starting at $1,000,000, rising in increments of $500,000. Vx-underground also reported that the source code (or at least fragments of the source code) for Gwent had been released, which could have been further proof that the files were in hand before the auction.

Although not yet confirmed, several cybersecurity experts pointed to the ransomware attack coming from a group called HelloKitty, based on the title and content of the ransom note posted by CD Projekt after the hack.

IGN contacted CD Projekt for comment.

Joe Skrebels is the Executive News Editor at IGN.
