Sony breach: company investigating ransomware claims

Updated on: 15 November 2023

Vilius Petkauskas
Deputy Editor

Image by Cybernews.

Attackers claim that Sony Group Corporation, a Japanese multinational conglomerate corporation, has had its systems compromised. The company says its looking into the situation.

Cybercriminal cartel RansomedVC posted Sony on its dark web blog, which the gang uses to showcase its latest victims. The attackers claim that they‘ve breached the Japanese tech and media behemoth and compromised all of its systems. Meanwhile, Sony says the company is examining the claims.

“We are currently investigating the situation, and we have no further comment at this time,“ the Sony's representative told Cybernews.

The cybercrooks say that they’ll no longer demand a ransom payment from Sony, as the company refused to pay. Instead, the attackers say that they plan to sell the stolen dataset. This is a common tactic among ransomware cartels: victims who refuse to pay are threatened with their data being sold to the highest bidder.

Sony ransom note — Post selling data allegedly taken from Sony. Image by Cybernews.

The price that the attackers have set for a dataset supposedly covering all of Sony‘s systems stands at $18,000.

According to the Cybernews research team, the data sample that the attackers provided in the post doesn’t reveal a great deal about the quality or importance of the data. The sample contains a PowerPoint presentation, a couple of screenshots of what looks like an internal Sony workstation, and a few Java files.

After the first post regarding allegedly stolen Sony data, another forum user posted an ad on the same data leak forum, saying that he was offering the data for free. The user claims the leaked database includes credentials for the company's internal systems, SonarQube and Creators Cloud data, Sony's certificates, a device for generating licenses, and other information.

twitter

If confirmed, the attacks would mark the second time that Sony has been breached in the past three months. In late June, the Cl0p ransom gang named Sony as one of its victims in the infamous MOVEit Transfer hacks.

The Tokyo-headquartered Sony Group, including its electronics division, PlayStation, and Sony Entertainment, is no stranger to cyberattacks.

In 2011, the hacktivist group Anonymous infamously breached Sony’s PlayStation network in a less complicated distributed denial-of-service (DDoS) attack.

The nearly month-long attack incapacitated the PlayStation network, preventing players from accessing gaming services and compromising the personal accounts of over 77 million players.

RansomedVC is a relative newcomer, first observed in 2023. The group has already targeted the Hawaii Health System, TransUnion, and other organizations.