Moin Khot
Sep, 26.2023
In a startling cybersecurity development, Sony finds itself under threat once again, as a relatively new ransomware group, Ransomed.vc, claims to have breached the company's systems. This revelation comes from Australian cybersecurity publication Cyber Security Connect, which reported the incident on September 25.
Sony Systems Allegedly Hacked By a Ransomware Group
Ransomed.vc, a group that emerged only this September, has taken credit for infiltrating Sony's infrastructure. Although the group is relatively new, Cyber Security Connect suggests that Ransomed.vc may have affiliations with earlier dark web forums and hacking collectives. The breach allegedly resulted in the exposure of various sensitive materials from Sony's internal systems.
Among the leaked data are screenshots of Sony's internal login page, an internal PowerPoint presentation detailing test bench information, numerous Java files, and an extensive document tree containing a staggering 6,000 files. What sets this breach apart is the hacker group's stated intention: they are not demanding a ransom from Sony; instead, they plan to sell the pilfered data, citing Sony's unwillingness to meet their demands.
Within this treasure trove of information are diverse documents, including mysterious "build log files," a multitude of Java resources, and HTML data, much of which is reported to be in Japanese. The group has not disclosed a specific price for this data but has provided contact details for Sony to initiate discussions. The "post date" mentioned is September 28, which suggests the group may choose to release all the data if their demands are not met by then.
One intriguing aspect of Ransomed.vc is its dual role as both a ransomware operator and a provider of ransomware-as-a-service. This means that, in addition to executing large-scale hacks on major corporations like Sony, Ransomed.vc, allegedly operating from Russia and Ukraine according to VGC, collaborates with the European Union's General Data Protection Regulation (GDPR) and other data privacy laws to expose vulnerabilities in company systems and violations of these laws. Cyber Security Connect reports that the group leverages these laws to exert pressure on its victims.
Despite the gravity of the situation, Sony has not issued any public statements regarding the breach or its potential impact on the company. Journalists from Kotaku have reached out to Sony for an official statement, further emphasizing the need for transparency and clarification.
Also read: Egoist Joins BLEED: A Redemption Journey in VALORANT Esports
This incident is not Sony's first encounter with cybersecurity threats. In 2011, the company suffered a major breach when its PlayStation Network was compromised, affecting approximately 77 million registered accounts and rendering online features unusable. The consequences were significant, requiring Sony to explain the breach to Congress and compensate affected users with games and monetary reparations. While the scale of this recent breach may not rival the 2011 incident, it underscores the continued importance of robust cybersecurity measures for corporations like Sony.