The hackers behind an attack on Cyberpunk 2077 developer CD Projekt Red have allegedly started auctioning off the source code for several of the company’s games, BleepingComputer has reported.
The auction comes after CD Projekt yesterday revealed that it was the victim of a ransomware attack which compromised some of its internal systems.
“An unidentified actor gained unauthorised access to our internal network, collected certain data belonging to CD Projekt capital group, and left a ransom note,” the developer stated.
The attackers had encrypted and blocked access to certain devices on the company’s network, although CD Projekt said its data backups remained intact.
The developer said it would refuse to give in to any demands or negotiate with the attackers, being aware that this may eventually lead to the release of the compromised data.
The company shared a ransom note left by the attackers which claimed they had dumped full copies of the source code for Cyberpunk 2077, Gwent, and the existing and unreleased versions of Witcher 3.
In addition, the note claimed theft of company documents relating to accounting, administration, legal, HR, and investor relations, which it threatened to leak to journalists.
$7 million for all the source code
BleepingComputer has now reported that security researcher VX-Underground has published a screenshot of the auction on the Exploit.in forums posted by a user called “redengine”.
The price for the stolen source code of Cyberpunk 2077, Thronebreaker, as well as the existing and unreleased versions of Witcher 3, starts at $1 million, with bid increments of $500,000.
There is also an option to buy it outright at $7 million.
A 21GB archive supposedly containing the source code for the Witcher spin-off card video game Gwent was available for free.
Kela threat intelligence told BleepingComputer that the auction appears to be legitimate due to the use of a middleman and the attached text file containing directory listings for the Witcher 3 source code.