Data theft for ransom, much like ransomware, is becoming a common tool to use against corporations. Taking or encrypting (suspected)important files and then asking for money just seems like the thing to do these days. In some cases (like more than a few medical centers) we find that the organization has no back up of the data and are forced to pay the demanded ransom (and then hope they get the decryption code). In the case of data theft with the threat of publication things are a little different, but follow a similar pattern. The organization has to decide if the information is important enough to give into demands. CD Projekt RED has determined that they are not.
Now here is where our suspicious minds come into play. If the documents in question are old and not important, why release the information about it? Right now there is no notice that we can find of a pending release and other than the tweet we have not found any references to the theft. To me giving out this information seems more of an admission of an insecure network, or careless document handling practices. If it was intended to be defiant, that is not the tone we are getting.
We also have noticed that most of the articles about the tweet cover what little information there is about Cyberpunk 2077. It is great press to be sure and could be a big reason that the tweet was sent out. Maybe they want the buzz about the game and people looking for information on what to expect from it. It would be a smart marketing move to use this bad situation and turn it into some free press on an upcoming game. Either way we are sure that some enterprising (and malicious) individuals are already hard at work building malware into some fake documents just to take advantage of those people hungry for info on Cyberpunk 2077.
It should be very interesting to see how fans react if they get malware from searching for stolen (old) information on a future game...
Thursday, 08 June 2017 15:01
CD Projekt RED admits to data theft and blackmail
Written by Sean KalinichReading time is around minutes.
CD Projekt RED has found themselves the victim of both data theft and now blackmail. At least that is what we are hearing from their Twitter account. According to CD Projekt, someone has made off with information that relates to their upcoming game Cyberpunk 2077. The Tweet goes on to say that the files are old and are not representative of the current version of the game. They also say they are not planning on giving in to the ransom demands. It is something of an interesting situation to be honest.
Published in
News
Tagged under
Latest from Sean Kalinich
- ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
- Social Manipulation as a Service – When the Bots on Twitter get their Check marks
- To Release or not to Release a PoC or OST That is the Question
- There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
- NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Leave a comment
Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.