Red files of the stolen CD project, supposedly, now sold after Dark Web auction


Files stolen from CD Projekt Red in a ransomware attack revealed earlier this week, reportedly, have now been sold at a dark web auction.

Dark web monitoring organization KELA (which previously provided The Verge with what she believes to be legitimate file lists from CD Projekt's Red Engine) reports that an auction to sell the files now it was closed after a "satisfactory offer" was made from outside the forum in which it was being held. This offer stipulates that the code will not be distributed or sold later. The cyber security account vx-underground also reported that it heard that the sale was completed.

Speaking to IGN, Victoria Kivilevich, KELA's threat intelligence analyst explained that it looks like everyone stolen files – which apparently includes the source code for Cyberpunk 2077, several versions of The Witcher 3 and Gwent – were sold in one package. It is unclear who the buyer is or what they intend to do with the files at the time of writing.

It is also unclear at what price the files were sold, but reports yesterday indicated an initial purchase price of $ 7 million. Kivilevich provided IGN with a translated screenshot of the forum, dated February 10, in which the seller said CD Projekt should pay the blitz (initial purchase fee) because of the confidential data contained in the files. Of course, now, we cannot verify that this is true. CD Projekt said publicly that would not pay the ransom .

A reported screenshot of the auction topic now closed.

In a report assisted by KELA yesterday, The Verge explained that the auction required a deposit to enter (intended to show potential buyers that it was not a fraudulent auction), with bids starting at $ 1,000,000, increasing in increments of $ 500,000. Vx-underground also reported that the source code (or at least fragments of source code) for Gwent was released, which could have been further proof that the files were in hand before the auction.

Although not yet confirmed, several cybersecurity experts pointed to the ransomware attack coming from a group called HelloKitty, based on the title and content of the ransom note posted by CD Projekt after the hack.

IGN contacted CD Projekt for comments.

[poilib element=”accentDivider”]

Joe Skrebels is the executive news editor at IGN. Follow him on Twitter . Do you have a tip for us? Want to discuss a possible story? Send an email to .

Source link


Please enter your comment!
Please enter your name here