New Ransomware Gang Hits Sony

Ransomed.vc debuted in September. It has made several successful attacks, including Sony Group Corporation, the Japan-based multinational.

It has released messages on leak sites on both the clear and dark web. This quote [with spelling uncorrected] claims to have “successfully compromissed all of sony systems. We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE, WE ARE SELLING IT.”

No price is listed, but contact details are provided. The data includes some that were supposed to be hack-proof, but reporting by David Hollingworth on Cybersecurity Connect characterizes as mundane much of the information posted as proof of the hack – screenshots of an internal log-in page, an internal PowerPoint presentation outlining test bench details, and some Java files.

There are doubts about how serious the breach was. In a post dated Sept. 25, vx-underground noted that no corporate data was stolen, and services were not impacted. According to Dark Reading, data was collected from developer tools used by the company, including Jenkins, SVN, SonarQube, and Creator Cloud Development, along with some other credentials and files that probably aren’t critical.

Ransomed.vc also posted a file tree of the entire leak, including “build log files”, Java resources, and HTML files. The files feature Japanese characters prominently.

In 2011, Sony’s PlayStation Network suffered a massive breach. The protected personal information of approximately 77 million accounts was compromised, and the service was offline for more than three weeks. Initial estimates said the hack would cost more than$100 million. Sony defended more than 50 class action lawsuits as a result and agreed to offer compensation.