A new ransomware group says it has breached Sony completely

News
By
published

It is selling some 6,000 Sony files allegedly stolen in the breach

ID theft
Image credit: Pixabay (Image credit: Future)

A new ransomware threat actor claims to have breached entertainment giant Sony.

In an ad recently posted on the dark web, the group, going by the name Ransomed.vc, said it breached all systems belonging to Sony and stole sensitive corporate data. 

Given that the company isn’t keen on paying the ransom demand, the group is now selling the stolen data.

New players

The ad, seen by researchers at Cybersecurity Connect, also features a small sample of the data, which the publication says isn’t “particularly compelling”. It includes screenshots of an internal log-in page, an internal PowerPoint presentation outlining testbench details, and some Java files. 

The group also posted a file tree of the entire leak, showcasing around 6,000 files. For the researchers, this is relatively small, if “all of Sony systems” were compromised. Still, the file tree shows “build log files”, some Java resources, and HTML files. Plenty of the stolen files were in Japanese, it was noted. 

The group did not say how much money it was looking to make on the database. So far, Sony hasn’t made any announcements regarding the breach.

Ransomed is a relatively new player on the scene, apparently emerging only this month, but it does have some connections to older groups. In its short lifespan, it has already managed to rack up a few victims, including Japanese mobile operator NTT Docomo. Reports claim the group has listed “dozens” of victims on its leak site. 

When it first emerged, the group apparently adopted a unique strategy by threatening to report its victims to EU authorities if they didn’t pay up, citing violation of data privacy laws in the region.

“In essence, Ransomed VC is leveraging the fear of these substantial fines to extort money from companies,” said Incident Response Analyst Ron Kaminsky in its analysis of the group. “This is an unusual approach, as most extortion or ransomware groups typically focus on encrypting data and demanding a ransom for its release, rather than exploiting data protection laws for financial gain.”

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.