Ransomware group offering Sony data for sale

Claims to possess around 6,000 files from the Japanese giant

Ransomware group offering Sony data for sale after hacking the company's systems, report

Image:

Ransomware group offering Sony data for sale after hacking the company's systems, report

A ransomware group known as Ransomed.vc says it has breached Japanese mega-conglomerate Sony Group, and is now offering to sell the stolen data.

Cybersecurity Connect was first to report the hack, noting that although Ransomed.vc had shared some proof-of-hack data, it is not particularly convincing information.

"We have successfully compromised all of sony [sic] systems," the group wrote.

"We won't ransom them! We will sell the data. Due to Sony not wanting to pay. DATA IS FOR SALE."

The published data comprises screenshots of an internal login page, an internal PowerPoint presentation, multiple Java files and a file tree of the leak. In total, around 6,000 files have apparently been compromised.

A large number of sample files prominently display Japanese characters.

While it has not specified a price for the data, Ransomed.vc has provided contact details for the Tox messaging service, as well as Telegram and email.

The group has additionally listed a "post date" of 28th September 2023. It is assumed that if no one acquires the data before this date, Ransomed.vc will release it in its entirety.

As of the time of writing, Sony has not released a public statement about a breach.

Seeking affiliates

Ransomed.vc seems to function as both an independent ransomware operator and a provider of ransomware-as-a-service.

Despite some connections to earlier forums and groups, it has only been active since late August. Currently, the group is actively seeking "affiliates" to join its ranks.

The majority of Ransomed.vc's members are reportedly based in Ukraine and Russia.

The group says it provides a "secure solution for addressing data security vulnerabilities within companies" and claims to operate "in strict compliance with GDPR and Data Privacy Laws."

"In cases where payment is not received, we are obligated to report a Data Privacy Law violation to the GDPR agency!" it says.

This is a transparent attempt to make victims pay up. Any real pentest company would need to report an outstanding violation as part of the normal course of doing business.

Sony is not the only company listed on the Ransomed.vc dark web site.

The group also claims to have compromised Japanese mobile operator NTT Docomo, demanding a ransom payment of $1 million.

However, the majority of victims appear to be small firms.

If Ransomed.vc's claims are accurate, this would not be the first time that Sony has experienced a significant security breach.

Sony's PlayStation Network was breached in 2011, exposing personal information from around 77 million accounts and forcing Sony to suspend the service for several days.

Following the 2011 breach, Sony faced as many as 55 class action lawsuits and eventually agreed to provide compensation to those affected, including offering free games.

In 2014, Sony was targeted by hackers with suspected links to North Korea, delaying the release of The Dictator, a film that depicted North Korea.

The 2014 hack not only caused network disruptions but also resulted in the embarrassing exposure of internal communications and secrets, including financial information and movie scripts.

Additionally, celebrities' personal details were released as part of the breach, causing significant concerns and repercussions for Sony.