This is the web version of CEO Daily. Sign up here to get it delivered to your inbox.
Good morning. David Meyer here in Berlin, filling in for Alan.
What to do if you are attacked by online blackmailers? If you’re CD Projekt, the Polish studio behind the Witcher games and recent blockbuster Cyberpunk 2077the answer to the ransomware threat is openness.
This morning, CD Projekt announced on Twitter that someone had entered its internal network, stolen data, encrypted some systems, and left a ransom note – which the company also posted in the tweet. The attackers threatened to release CD Projekt Red’s source code online and give journalists internal documents related to accounting, investor relations, and so on.
“We will not give in to the demands, nor negotiate with the actor, as we are aware that this could eventually lead to the disclosure of the compromised data,” the company said, adding that it will affect both law enforcement and the Polish data protection authority. has informed. , even though it “at this time” does not believe that players ‘or users’ personal information has become entangled in the heist.
CD Projekt’s stock price fell a whopping 6% on the news, and the replies to the tweet also show a mix of glee and disbelief on the part of some gamers –Cyberpunk 2077The release was plagued with bugs on the PC and older consoles, so its reputation was already insecure. Perhaps the company had no choice but to stay ahead of the news, given the additional reputational damage that could come from trying to cover up and find out about the breach.
But beyond this context, CD Projekt’s response seems to be correct. Downplaying the ransomware threat seems silly if it continues to grow at a rapid pace and if the extortionists are, shall we say, less than reliable.
The cybersecurity firm Proofpoint released a survey yesterday that suggests two-thirds of US organizations were affected by ransomware infections last year, and more than half agreed to pay the ransom so they could quickly regain access to their data. But only 60% actually got that access after the first payment – the rest then got extra ransom, which paid most.
Probably wise for CD Projekt not to play the attacker’s game. More news below.