CD Projekt Red is ransomware attack victim — the company’s terrible year just got worse

CD Projekt Red is victim of a ransomware attack but they won’t be playing ball

This has been one helluva terrible year for video game developer CD Projekt Red (CDPR).

Along with releasing the bug-ridden game Cyberpunk 2077 too early and then being sued by two different entities because of it, the Polish developer and video game distributor also made the decision late last year not to publish Taiwanese game Devotion on their game distribution platform —

A decision they insisted was made after a number of Chinese gamers asked them not to.


That decision not only infuriated tens of thousands of CD Projekt Red’s western customers, many of whom got online to express their ire, it left some saying they would never buy another game from GOG.

As you might expect, with all that going on, the company’s stock tanked as well.

Now today, as if that wasn’t already enough, CD Projekt Red announced they have been the victim of a ransomware attack. An attack they say they will most definitely not be responding to.

As the company states on their tweet about the attack, they will “not give in to the demands nor negotiate with the actor”.


A decision they stuck to over three years ago — the last time they were victims of a ransomware attack.

What does CDPR ransomware attack mean for gamers?

Of course, when a company is the victim of a ransomware attack, while people are generally sympathetic, they are also often worried about their private data also being hacked.

According to CDPR’s tweet this morning however (see below), they say they do not believe “the compromised systems contain any personal data of players or users”.

For you then, that probably means your data is currently safe.


The hacker reportedly stole Cyberpunk 2077‘s source code

What steps did CD Projekt Red take after the ransomware attack and how serious was it? 

The company has said police are already involved in an effort to find the identity of the hacker.

They also state “Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.”

In other words, while the hacker may have encrypted some data so CD Projekt Red cannot access it, everything is still available via backup, so nothing is actually lost.

As the note accompanying the ransom request also informed them the hacker had dumped copies of the Cyberpunk 2077, The Witcher 3, and Gwent source code, as well as an unreleased version of Witcher 3, all of which they plan on releasing if their demands are not met, CDPR has already contacted all parties that may be affected by such a breach.

It seems then CDPR acted quickly and decisively in making sure their systems are accessible and able to be restored, and to lessen any possible harm.

While this still doesn’t make me want to buy a game from them, as I don’t support companies that choose China over Taiwan, at the same time, while CDPR has most definitely deserved some of the aggravation they have been getting over the last few months from fans, they do not deserve this.



Michelle Topham