Caleb Boma | February 10th, 2021

According to, Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were allegedly stolen in a ransomware attack.

As part of the double-extortion attempt, the attackers threatened to release or sell the stolen data if CDPR did not pay the ransom. This attack was later confirmed to be conducted by the HelloKitty ransomware group. When disclosing the attack, CD Projekt stated that they would not give into the ransom demands and are restoring from backups instead.

When HelloKitty is launched, it repeatedly runs an executable with the file name taskkill.exe to terminate processes within various security software and servers. SpearTip’s ShadowSpear® Platform stops these attacks by blocking the executable from running before your network is infiltrated.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have a direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you are experiencing a breach, please call our Security Operations Center at 833.997.7327.