The hackers threatened that non-compliance would lead to the stolen files being leaked online. The leaks would include the source code for all of their recent games. Following CD Projekt Red‘s refusal to comply the leaking has now begun, starting with Gwent, – a free-to-play digital card game.
According to a Cybernews report, the hackers posted the obtained files for Gwent on a hacking forum, which included a download link to a MEGA.nz archive. CD Projekt Leak #1 was the name of the file. Predictably, it seems this leak is the first of many. This download also contained a read-me file which suggested more leaks would be coming the following day (today).
Cybernews analysts consider what will likely follow to be a double extortion ransomware technique: the hackers start with one of the smaller leaks and work their way up, in hopes that the victim will eventually buckle.
The plot thickens
Although the original links to the files have now been deactivated, they have already circulated on other websites. The perpetrators of the attack remain unkown, although some things have been pieced together.
The original poster from the hacking forum had a user history of discussing ransomware; the relevant software required to undertake an attack. Another user from a private forum also thought linked to the attack, discussed that files would be sold. Data pertaining to The Witcher 3, The Witcher 3 RTX, Cyberpunk 2077, and Thornbreaker will apparently be (or may already have been) auctioned off on the forum that the user posted from.
Cybernews predict the hackers to be part of a Ransomeware group known as Hello Kitty. Check out their in-depth article here.