Sony's Insomniac Games addresses ransom leak – finally


Sony-owned Insomniac Games has finally put out an official statement regarding the ransomware leak of more than 1.6 million files – some of which included confidential details about its upcoming Wolverine Marvel game release.

The attack was claimed by the Rhysida ransom gang on December 11th.

“Thank you for the outpouring of compassion and unwavering support. It's deeply appreciated,” Insomniac Games posted on X – its first official statement on the entire ordeal.

ADVERTISEMENT

“We're both saddened and angered about the recent criminal cyberattack on our studio and the emotional toll it's taken on our dev team. We have focused inwardly for the last several days to support each other,” the statement began.

The California-based company went on to acknowledged the 1.67 TB of stolen data included “personal information belonging to our employees, former employees, and independent contractors.”

Cybernews can confirm the files also contained company financial information including dozens of bank account details, credit card account numbers, as well as “early development details about Marvel's Wolverine for PlayStation 5.”

“We continue working quickly to determine what data was impacted,” Insomniac said, adding that the “experience has been extremely distressing for us.”

IMAGE:

Rhysida Sony Insomniac leak pics
Rhysida leak site. Image by Cybernews.

Sony’s Insomniac was given a seven-day deadline to fork over a roughly $2 million ransom in Bitcoin to avoid the leak, but apparently the company, who has stayed mum until its December 22nd statement, chose not to bid on the stolen data.

ADVERTISEMENT

As soon as the Rhysida online auction ended, as promised, the gang leaked the trove of sensitive information on its dark leak site earlier this week.

Rhysida Sony Insomniac leaks
Rhysida leak site. Image by Cybernews.

The leaked files also revealed a licensing deal between Sony and Marvel worth more than $600 million to develop and market the X-Men games by 2035.

“We want everyone to enjoy the games we develop as intended and as our players deserve. However, like Logan...Insomniac is resilient, Marvel's Wolverine continues as planned,” it said.

“While we appreciate everyone's enthusiasm, we will share official information about Marvel's Wolverine when the time is right,” the company stressed.

The company concluded the statement by thanking its fans “for your ongoing support during this challenging time.”

Insomniac Games became part of PlayStation Studios after Sony Interactive Entertainment acquired it for $229 million in 2019.

Known for Spider-Man, Spyro the Dragon, Ratchet & Clank, and the Resistance franchise, Insomniac was founded in 1994 by Ted Price as Xtreme Software, a year later, it was renamed Insomniac Games.

Who is Rhysida?

The lesser-known threat actor hit the ransomware scene in late May, according to US government officials who profiled the group November 15th.

ADVERTISEMENT

The US Cybersecurity Infrastructure and Security Agency (CISA) said Rhysida is known for going after “targets of opportunity,” including education, healthcare, manufacturing, information technology, and government sectors.

The gang is known for it’s double extortion tactics and typically launches its unsophisticated namesake ransomware using phishing attacks and the Cobalt Strike pen-testing tool to breach a victim’s network.

The group is thought to have ties to the Vice Society ransom gang, notorious for its attacks on the education sector, primarily in the US, Canada, and the UK.

According to Ransomlooker, a Cybernews tool for ransomware monitoring, the gang has victimized more than 70 organizations over the last 12 months – more than triple the number of victims listed by US officials in August.