Highlights
A ransomware group claims to have stolen data from Sony, possibly including PlayStation, and is attempting to sell it online through encrypted proxies.
The group attempted to offer the ransomed data directly to Sony, but their offer was rejected. As a result, the group decided to make the data available for sale to the public.
The full scope and specifics of the data leak remain uncertain. However, there is evidence indicating that a few files were compromised, including log files, Java resources, and HTML files. It should be noted that some of these files contain Japanese characters.
Sony is facing a potential major data security breach as a ransomware group attempts to sell stolen data, including information from all Sony systems, potentially including PlayStation. The authenticity of the group's claims cannot be confirmed, but they have made online posts seeking to negotiate the sale of Sony's data through encrypted proxies. The group has also stated that they initially tried to ransom the data directly to Sony, but their offer was rejected.
Limited information is available on the group responsible for the alleged ransomware attack. However, a report from SOCRadar in September appears to have predicted this development. The report mentioned monitoring Telegram for threat actors and dark web activities and identified a group called RansomForums, which announced their project Ransomed.vc, the same name being used by the group claiming to possess Sony's data.
In a report shared by CyberSecurityConnect, details about the security breach on Sony by Ransomed.vc were revealed. A statement issued by the ransomware groups claims that they have successfully compromised all systems of Sony and are now selling the stolen data. The statement specifically mentions data from Sony Group Corporation and Sony Corporation, but also refers to it as being from "SONY.com" in other parts. The veracity of the stolen data has not been confirmed by either Sony or third parties.
There is evidence of a data leak. The ransomware group has provided a sample of the data they are selling, along with a file tree showing all that was taken. The data consists of less than 6,000 files with an unclear origin, suggesting that it may be more limited than initially thought. CyberSecurityConnect's report indicates that the leak includes various log files, Java resources, and HTML files, many of which contain Japanese characters. There is no mention of any involvement of PlayStation or PlayStation hardware.
In their statement, Randsomed.vc also mentions that they are making the Sony data available publicly because their attempt to ransom Sony was rejected. The message reads, "Due to Sony not wanting to pay. DATA IS FOR SALE." No price is specified for the data. Potential buyers are instructed to contact the ransomware group via the encrypted chat software Tox.
The seriousness of the Sony leak is still uncertain, as it may possibly be a hoax. The nature of the data breached and whether it contains important internal or personal information remains unclear. It is possible that it only consists of 6,000 files related to Sony's websites and nothing more. Additionally, ransomware attacks like this tend to have unfavorable outcomes for the attackers. In a similar incident, the individual responsible for the significant Grand Theft Auto 6 hack was apprehended approximately six months after leaking Rockstar's assets. As a result, it would be advisable for PlayStation fans and Sony customers to exercise patience and observe how the situation unfolds.
