"You have 48 hours to contact us." That was the ransom note left Monday after a cyberattack against Cyberpunk 2077 maker CD Projekt Red, which has posted the note online and said it's not in the mood for negotiations. The hackers' message indicated that they stole the source code for the Polish developer's hit video game, as well as for Gwent and The Witcher 3; locked down the company's servers via encryption; and copied HR, accounting, administrative, and investor documents. The note also presented a threat. "If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism," the note read. CD Projekt says it "will not give in to the demands nor negotiate," adding that its backups are all safe and sound and that "we have already secured our IT infrastructure and begun restoring the data."
The company says that although it's still investigating, it doesn't believe the breached systems contained any private data for players or users of CD Projekt's services. Cybersecurity expert Jon Niccolls tells CNBC he's seeing an increase in this kind of "double extortion" hack, in which nefarious parties not only steal data but also say they're going to leak it unless they get what they want. He adds that CD Projekt Red is handling it correctly by offering the hackers a big nope for their demands. "Our research shows that on average, every 10 seconds an organization becomes a victim of ransomware worldwide," he says. "CD Projekt Red is doing the right thing." The BBC notes the hack "couldn't have come at a worse time," as, after delays in getting Cyberpunk 2077 out in the first place, CD Projekt Red had to field complaints from players about glitches and other tech problems, leading Sony to pull the game from its PlayStation Store. (More ransomware stories.)