In an unfortunate turn of events for CD Projekt Red, who is having a less than stellar time with its release of Cyberpunk 2077, the video games developer announced today on Twitter that it has been the subject of a cyberattack.
The attack, known as a ransomware attack, involves an initial compromise of a company's systems, often through brute-force, phishing or credential stuffing methods. This is followed by a download of the cyber-criminals' attack tools, a monitoring period and exfiltration of data to an external server (often consisting of confidential and/or personal data). Finally, the data is encrypted for the victim and a ransomware note is left threatening to sell or release the data unless the ransom fee is paid.
CD Projekt Red appears to be handling the situation admirably - transparently announcing the details of the attack and working with legal and cyber-security professionals to contain the incident, without giving into the criminals' demands.
However, ransomware attacks are become increasingly prevalent against companies that hold significant amounts of data. Prevention of the initial compromise, through methods such as cyber-security training and the implementation of two-factor authentication log-ins, should be high on a digitally-present company's priority list if it wishes to avoid the regulatory consequences of a data breach.