Threat actors are auctioning what they claim is the source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, which they stole in a ransomware attack.
CD Projekt Red, the gaming firm that developed these games, disclosed a ransomware attack on February 8th in which the attackers stole unencrypted source code for Cyberpunk 2077, Witcher 3, Gwent, and an unreleased version of Witcher 3.
It was found that the attack was conducted by a ransomware group named HelloKitty.
As part of the double-extortion attempt, the cybercriminals threatened to release or sell the stolen data if the company did not pay the ransom.
While disclosing the attack, CD Projekt said that it was not willing to pay the ransom and would instead restore from backups.
A security researcher, VX-Underground, tweeted that the threat actors had begun to auction the data stolen in the CD Projekt attack.
This data allegedly includes stolen internal documents, ‘CD Projekt offenses,’ and the source code for Cyberpunk 2077, Witcher 3, Thronebreaker, and an unreleased Witcher 3 version with raytracing.
The starting price for this auction is $1 million with bid increments of $500,000 and a ‘blitz’ or buy now price of $7 million.
In order to prove the stolen data’s validity, the seller known as ‘redengine’ has shared a text file containing a directory listing from the alleged Witcher 3 source code.
According to cyber intelligence firm Kela, the auction is believed to be legitimate due to the directory listing and the demand to use a middleman to handle the sale.
The seller asks buyers to use a guarantor and make a deposit. The user is new to the forum, or may be a user who created a new account to avoid being tracked by researchers.
A threat actor claiming to be part of the HelloKitty ransomware operation said that the auction is only being held on the well-known cybercrime forum Exploit.in.
Also, to prove the data’s validity, this threat actor released, for free on hacker forums, a 21 GB archive that allegedly contains the source code for the Gwent card game.
It has not yet been confirmed whether the leaked data is legitimate or not.