According to Cyber Security Connect, ransomware group Ransomed.vc allegedly successfully breached all of Sony’s systems and is threatening to sell what they took. Ransomed.vc posted a message on its leak sites both on the clear and dark nets saying “Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan. We have successfully compromissed [sic] all of sony systems. We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE,” the group adds, before declaring “WE ARE SELLING IT.”
Cyber Security Connect says that Ransomed.vc appears to be both a ransomware operator and a ransomware-as-a-service organization. The company is currently advertising for “affiliates” to sign up. They claim not only to be a “secure solution for addressing data security vulnerabilities within companies,” but also to be operating “in strict compliance with GDPR and Data Privacy Laws.”
The group shared some proof of the hack, screenshots of an internal login page, a internal PowerPoint presentation outlining test bench details, and a number of Java files.
They also posted a file tree of the entire leak. The tree appears to have less than 6,000 files including “build log files,” a wide range of Java resources, and HTML files. Cyber Security Connect notes that the number of files seems small for “all of Sony systems.”
At the end of its message, Ransomed.vc says “In cases where payment is not received, we are obligated to report a Data Privacy Law violation to the GDPR agency!” They also have a “post date” of September 28, where they would publish the data wholesale if nobody purchases the data.
This wouldn’t be the first time a major breach affected PlayStation. Back in 2011, PlayStation Network suffered a massive breach where the personal details of 77 million accounts were compromised. The service had to be taken offline for 23 days.
Sony estimated that the hack would cost the company more than $100 million. They were forced to apologize to players and developers whose game launches were disrupted or whose online services were left unavailable.
Sony would have to contend with 55 class action lawsuits and agreed to offer compensation for those affected, including free games. Hopefully, this breach doesn’t lead to anything like that.