More information has come to light regarding the ransomware attack that struck the manufacturers of Cyberpunk 2077. Polish video game developer CD Projekt Red revealed the ransom note it had received, which bears all the hallmarks of being distributed by the ransomware group known as “HelloKitty.”
Earlier this week, CD Projekt revealed that an unidentified actor gained access to its internal network and encrypted a number of its files. It did reassure gamers, however, that backup sources remained unaffected and that it was already in the process of restoring the affected data.
The ransom note contained all the usual rhetoric, informing CD Projekt that it had been “EPICALLY pwned” and threatening to leak source code online. However, CD Projekt quickly responded by confirming that it would not give in to the ransom demands and had informed the relevant law enforcement officials of the incident.
Noting the similarities
Based on the ransom note, Fabian Wosar, Chief Technology Officer at anti-malware firm Emsisoft, believes that the ransomware is likely to have been implemented by the HelloKitty group. Little information is available about the group, but it is believed to have targeted other large organizations previously, including Brazilian energy firm CEMIG in December last year.
The HelloKitty malware disables various processes and services before encrypting files on a victim’s device. Typically, the ransom note that accompanies this attack is titled “read_me_unlock.txt,” which is the same name that accompanied the CD Projekt ransomware strain.
Ransomware attacks have become an increasingly popular method of extorting money, with cyberattackers stealing sensitive information that pertains to core company processes or which could damage a particular corporate individual. Sometimes, when ransomware strains are poorly designed, files can be restored without having to pay a ransom fee. However, the early indications are that there is no way of decrypting files affected by the HelloKitty malware for free.
Via Bleeping Computer