In a concerning development, the notorious ransomware group Ransomed.vc has announced a successful infiltration into the systems of Sony Group, stirring fears of a potential data breach reminiscent of the 2011 PlayStation Network incident. The group has now set its sights on selling the pilfered data from the Japanese conglomerate.
With audacious confidence, Ransomed.vc declared, “We have successfully compromised all of Sony systems,” disseminating their message across both the clear and dark corners of the internet. In a surprising twist, the group is opting not to demand a ransom payment but instead threatens to auction off the acquired data, citing Sony’s unwillingness to comply with their demands. Their chilling message echoes: “DATA IS FOR SALE.”
Although Ransomed.vc has released some evidence of their intrusion, cybersecurity experts remain somewhat unimpressed by the quality of the exposed information. The data offered as proof includes screenshots that appear to be from an internal login portal, a PowerPoint presentation, a few Java files, and a file directory detailing the breach, containing fewer than 6,000 items.
The group has specified a “post date” of September 28 as the deadline for potential buyers to step forward. Should no payment be received by that date, Ransomed.vc has vowed to release the data en masse, potentially causing significant harm to Sony.
Ransomed.vc operates as both a ransomware operator and a provider of ransomware-as-a-service. They market themselves as a “secure solution for addressing data security vulnerabilities within companies” and assert strict adherence to GDPR and Data Privacy Laws. Additionally, they have declared their readiness to report violations to the GDPR agency if their payment demands are not met.
Notably, the majority of Ransomed.vc’s members are believed to be located in Russia and Ukraine, adding a geopolitical dimension to this cybersecurity threat.
Sony has had a turbulent history with data breaches, most notably in 2011 when the PlayStation Network suffered a major breach, exposing personal information from nearly 77 million user accounts and resulting in a 23-day service outage. This incident incurred initial costs of over $100 million for Sony and prompted apologies to affected players and developers who faced delays and service disruptions.
Ultimately, Sony provided compensation to those affected, including free games. In the wake of the crisis, Jack Tretton, the head of PlayStation in the US, expressed gratitude to players and reassured the gaming community of Sony’s unwavering commitment to security and entertainment. He acknowledged the financial toll on third-party publishing partners and reaffirmed Sony’s dedication to delivering a secure and enjoyable PlayStation experience for all users.
As the threat of a data breach looms once again, the cybersecurity world watches closely to see how Sony will respond and whether history will repeat itself with another high-stakes battle against cyber adversaries.