Skip to content
Cyberpunk 2077 Video Game Image


In a move that seems shockingly close to art imitating real life, Cyberpunk 2077 developer CD Projekt Red claimed it has fallen victim to a ransomware attack.

The studio took to its official Twitter account on Tuesday morning with an “important update,” claiming hackers had accessed and encrypted its internal network and devices. CDPR also stated that it would not give in to the attackers’ demands or take part in any negotiations.

CDPR outlined its official stance on the matter as well as the alleged “ransom note” left by those responsible. In the note, the hackers threatened to release source code for several of CDPR’s biggest games, including Cyberpunk 2077 and The Witcher 3: Wild Hunt, in addition to internal financial, legal and HR documents.

However, the note itself is the source of some doubt, as many have expressed via Twitter. It uses dated and somewhat cliched “hacker” language, referring to the incident as CDPR having been “epically pwned.” It also refers to the company having backups of its sensitive information and employs an odd inflection.

“We have encrypted all of your servers, but we understand that you can most likely recover from backups,” the note stated. It also threatens to send information to the group’s “contacts in gaming journalism,” which begs the question: is this some sort of ethical hacking group? What’s the true aim here other than to “expose” CDPR?

The Notepad file wraps up its strange demands by telling CDPR the company has 48 hours to contact the hackers. CDPR stated it does not believe any sensitive user data has been compromised at this point. The studio also has taken measures to secure its IT infrastructure while restoring integral data from the very backups mentioned in the ransom note. Additionally, the “relevant authorities,” as well as IT forensic specialists, have been briefed on the situation, CDPR claimed.

On Tuesday afternoon, CDPR issued an update to former employees, saying, “As of this moment, we don’t possess evidence that any of your personal data was accessed. However, we still recommend caution (i.e. enabling fraud alerts).”

When reached for further comment, CD Projekt Red declined to offer additional details. A request for comment from the Warsaw Police Department was not immediately returned.

Photo courtesy of CD Projekt Red