According to Tom’s Hardware (via vx-underground), the files—which are said to include an unreleased version of Witcher 3, possibly for PS5 and Xbox Series X/S—are being sold on the EXPLOIT forums with a starting bid of $1,000,000.
The ransomware attack was allegedly perpetrated by a group that goes by the name HelloKitty. It has also reportedly posted the source code of CD Projekt Red’s Gwent card game online, with the leak spreading to several forums.
CD Projekt Red revealed on Monday that it had fallen victim to a targeted cyber attack. In a statement, the developer said some of its internal systems had been compromised and “certain data” stolen.
In an apparent ransom note published alongside the statement, the culprits claimed they had stolen source code for the aforementioned games as well as documents relating to the company’s accounting, legal, HR and more.
If CD Projekt Red did not “come to an agreement” with them within 48 hours, the culprits said they would sell or leak the content.
CD Projekt Red said it would not give in to the demands nor negotiate with the people behind the attack, noting that this may eventually lead to the release of the compromised data.
“We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach,” it said.
“We are still investigating the incident, however at this time we can confirm that – best to our knowledge – the compromised systems did not contain any personal data of our players or users of our services.”
CD Projekt Red said it had already approached relevant authorities including law enforcement and IT forensic specialists.
On Tuesday, the company also released a statement addressed to its former employees.
“As of this moment, we don’t possess evidence that any of your personal data was accessed,” it said. “However, we still recommend caution (i.e. enabling fraud alerts). If you have questions, please write to our Privacy Team dpo[at]http://cdprojektred.com.”