Sony, the iconic global entertainment colossus, is now caught in a digital vortex, with a nascent ransomware group, Ransomed.vc, asserting a massive breach. Despite their relative novelty, having been operational only since September, Ransomed.vc has garnered significant attention within the cybersecurity community, not least from trusted portals like Cyber Security Connect, due to the speed and audacity with which they’ve accumulated high-profile targets. Sony, it seems, is their boldest claim yet.
Quoting directly from Wikipedia, the group described Sony on their leak sites, accessible on clear and dark nets. They proclaim, “We have successfully compromised all of Sony systems. We won’t ransom them! We will sell the data. Due to Sony not wanting to pay. DATA IS FOR SALE,” followed by a chilling declaration, “WE ARE SELLING IT.”
In an attempt to verify their audacious claims, Ransomed.vc has presented what they believe to be proof-of-hack data. This purported evidence includes screenshots of an internal Sony log-in page, a PowerPoint presentation detailing testbench specifications, and an assortment of Java files. The group also showcased a file tree of their alleged haul, seemingly comprising fewer than 6,000 files. For a claim suggesting a breach of “all of Sony systems,” this appears remarkably limited. Notably, many of these files are replete with Japanese characters.
Interestingly, the group hasn’t placed a definitive price tag on the data. Instead, they’ve provided contact avenues via the Tox messaging service, Telegram, and email, presumably for potential buyers to reach out. A “post date” of September 28, 2023, has been ominously highlighted, hinting that if the data finds no buyer by then, Ransomed.vc might release it in its entirety.
As of now, there’s been radio silence from Sony’s end. There’s no acknowledgment of a potential breach on their official platforms. Queries have been sent to Sony for comments, awaiting an official statement.