Sony, the renowned global entertainment giant, is grappling with a severe cybersecurity breach. On September 25th, it was reported by an Australian Publication called Cyber Security Connect, that a ransomware group called “Ransomed.vc” has compromised “all of Sony’s systems”.
In a display on public forums and the dark web, Ransomed.vc boldly asserts “We won’t ransom them! We will sell the data. Due to Sony not wanting to pay. DATA IS FOR SALE. WE ARE SELLING IT.” To credit their claims the group provided “proof” of their hack, that includes a screenshot of an internal Sony login page, a PowerPoint presentation outlining test bench details, JavaScript files, and a comprehensive document tree of the entire leak housing 6,000 files.
While Ransomed.vc has not yet disclosed a specific price for the data, they have left contact details for Sony to get in touch, all while adding a post date for September 28th. After this deadline, the group threatens to release the data freely, escalating the stakes.
Sony’s response to this, as reported by IGN on September 26th, is guarded but vigilant: “We are currently investigating the situation, and we have no further comment at this time.”
The intriguing aspect of this breach lies in the multifaceted nature of Ransomed.vc, which serves as both a ransomware operator and a provider of ransomware-as-a-service. This unique duality enables the group not only to execute high-profile breaches on prominent corporations but also to collaborate with the European Union’s General Data Protection and Regulation (GDPR) framework and other data privacy regulations. They use these partnerships to pinpoint vulnerabilities within company systems and instances of legal non-compliance.
As reported by Cyber Security Connect, this strategic alignment with legal mechanisms may serve as a means to pressure victims into compliance, raising questions about the future landscape of cybersecurity, shrouding it in an aura of uncertainty.
Sony Cybersecurity History
This incident is a grim reminder of Sony’s previous cyber attack that occurred in 2011, as the company suffered a massive breach that compromised over 77 million users of it’s PlayStation Network. The severity of that breach had Sony take PSN down for nearly a month.
Comparisons
Comparatively, the current breach involving 6,000 files may appear minuscule when set against the backdrop of the 2011 catastrophe. However, it underscores the critical nature of cybersecurity in today’s digital landscape. Regardless of scale, a breach remains a breach.
Reminder
As we head into Cybersecurity Awareness Month in October, this incident serves as a reminder the importance of cybersecurity and practices. It is important to remember to never use the same password across multiple accounts, implement multifactor authentication whenever its available, and to exercise caution when sharing sensitive data.
We will closely monitor this developing story and provide updates as more information surfaces.