Ransomware: Source code of Witcher 3 and Cyberpunk 2077 published

The group "HelloKitty" posted the source code of the Polish game developer, including Cyberpunk 2077 and Witcher 3, online. The code is from 2021.


Two years after its attack on game developer CD Projekt Red, a ransomware group has published explosive data online, including source code for the blockbusters "Cyberpunk 2077" and "Witcher 3". Behind the leak is a group called "HelloKitty", which has now made its debut under the new name "HelloGookie".

The leak site of the renamed HelloKitty gang presents data leaks as well as a cute kitten picture.

(Image: Screenshot / heise Security)

The group's new leak site still looks rather spartan, but the first two releases bear big names: in addition to CD Projekt Red, the Cisco logo is also emblazoned above one of the criminals' postings. The CDPR data set, at least, is quite voluminous: HelloGookie offers a 750 GB archive with various packed files via BitTorrent. These apparently include a version of Cyberpunk 2077 as well as the standard and next-gen versions of Witcher 3. The archive also contains software development kits (SDKs) for the PlayStation 4, 5 and Nintendo Switch.

However, the campaign is not entirely altruistic: HelloGookie is asking for donations to reveal the passwords for some 7z files. For every 10,000 US dollars in cryptocurrencies, they promise to publish the necessary identifiers. Whether the donations will go to a "charitable cause", as claimed in the readme file, is doubtful.

The CDPR crown jewel Cyberpunk 2077 is last in line; the necessary 40,000 dollars had apparently not yet been collected by late Monday morning. However, four other titles – Witcher 3 in both editions, Gwent and Thronebreaker – are already accessible and, as Bleeping Computer reports, fans have long since got their own versions up and running based on the data leak.

A big chunk: If you want to download the source codes and SDKs from CD Projekt Red, you'll need to be patient.

(Image: Screenshot / heise Security)

Networking giant Cisco – still fresh in the memory of attentive heise readers thanks to extremely flowery press releases – was also hit last year; HelloGookie published some password hashes on the leak site that presumably originated from an attack in August 2022. At the time, a group called Yanluowang had attacked the network supplier, which then published its own analysis of the incident.

(cku)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.