Summary
Sonyis dealing with what could be a major potential data security breach, as a ransomware group is trying to sell stolen data it’s taken from “all Sony systems” which may include PlayStation. While it’s impossible to tell whether the ransomware group’s claims are accurate, it’s nevertheless made posts online attempting to begin negotiations for the sale ofSony’s data through encrypted proxies. The group also claims that it tried to ransom the data to Sony directly, but that Sony rejected its offer.
Details regarding the group behind the allegedransomware attackare thin, understandably, but a report from SOCRadar in September now seems eerily prescient. The report mentions monitoring Telegram for threat actors and dark web activities. A group named RansomForums was under monitoring and announced that it would be doing a project named Ransomed.vc. That’s the name that’s being used by the group allegedly holding data from Sony.
RELATED:GTA Modder’s October 2022 Data Breach Exposed Over 100,000 Emails
In a report from CyberSecurityConnect, details regarding the security breach from Ransomed.vc on Sony were shared. A statement from the ransomware groups explains that it “successfully compromised [sic] all of Sony Systems” and that it is selling all the data that it stole. The statement mentions having data specifically fromSony Group Corporation and Sony Corporation, though it also states that the data is from “SONY.com” elsewhere. Whether data was genuinely stolen or not has not been verified, either by Sony or third parties.
There is evidence of some kind of data leak, though. The ransomware group provides both a sample of the data it’s selling and a file tree of all that was taken. The data comprises fewer than 6,000 files of unclear origin, which perhaps means it’s more limited than implied. CyberSecurityConnect’s report mentions that the leak includes various log files, Java resources, and HTML files. Many of these files appear to have Japanese characters. There was no mention of whether PlayStation orPlayStation hardwareis involved.
The Randsomed.vc statement also mentions that it’s only offering the Sony data publicly because an attempted ransom directed at Sony was rejected. “Due to Sony not wanting to pay. DATA IS FOR SALE,” reads the message. No price is mentioned for the data. Potential buyers are told to message the ransomware group via the encrypted chat software Tox.
Ultimately, the seriousness of the Sony leak remains in question, if it isn’t a hoax in the first place. It isn’t clear what data was taken or if that data has any key internal or personal information. It could be 6,000 files associated with Sony’s websites and nothing more. These types of ransomware attacks don’t typically work out well for the ransomers, either. Theperson behind the huge recentGrand Theft Auto 6hackwas arrested around half a year after leaking Rockstar’s assets. For now, PlayStation fans andSonycustomers would be best served waiting to see what comes of the situation.
