In a recent development on the dark web, a newly emerged cyber group claims to have breached Sony’s entire system through a ransomware attack.
According to a report from Cyber Security Connect, a reputable Australian cybersecurity publication dated September 25, Ransomed.vc, a relatively new hacking group that surfaced in September, boasts responsibility for infiltrating the defences of the gaming giant. It is worth noting that the group is suspected to have connections with prior dark web forums and collectives.
Cyber Security Connect’s report reveals that the hack purportedly led to the exposure of sensitive data, including screenshots of Sony’s internal login page, an internal PowerPoint presentation containing test bench details, multiple Java files, and an extensive document tree housing 6,000 files.
Ransomed.vc proudly declared, “We have successfully penetrated all of Sony’s systems. Rather than demanding a ransom, we are opting to sell the data, as Sony has expressed reluctance to cooperate. The data is up for sale, and we are actively seeking buyers.”
Among the 6,000 files, a wide array of documentation is allegedly included, such as enigmatic “build log files,” an assortment of Java resources, and HTML data. Many of these documents are reported to be in Japanese. While Ransomed.vc has not disclosed a specific price for the data, they have provided contact information for Sony and indicated a “post date” of September 28, which may be when they intend to make the data public.
Recommended: 6 Methods Scammers Exploit Your Email Address
Notably, Ransomed.vc appears to function as both a ransomware operator and a ransomware-as-a-service provider. This implies that, in addition to conducting large-scale hacks on major corporations, Ransomed.vc, believed to be operating from Russia and Ukraine according to VGC, also collaborates with the European Union’s General Data Protection Regulation (GDPR) and other data privacy laws to identify vulnerabilities in company systems and report violations of these laws. According to Cyber Security Connect, the group exploits legal avenues to intimidate victims into compliance.
Sony, in response to inquiries from IGN on September 26, stated that they are actively investigating the situation and have no further comments to provide at this time.
This incident marks another security breach for Sony, a company that has previously fallen victim to cyberattacks. In 2011, Sony’s PlayStation Network experienced a massive breach that compromised approximately 77 million registered accounts and rendered online services inoperable. The severity of the breach required Sony to testify before Congress and offer games and financial compensation to affected users in the following years. While the current breach involving fewer than 6,000 files may not rival the magnitude of the PSN hack, it underscores the persistent threat of cyberattacks, emphasizing the need for Sony to enhance its security measures promptly.
