Sony's Insomniac games leaked by Rhysida ransom gang


More than 1.3 million files – stolen from Sony-owned Insomniac Games in last week’s ransomware attack – have now been leaked online by the Rhysida gang.

Rhysida claimed the Insomniac hack of “exclusive, unique, and impressive data” on its dark leak site December 11th.

The stolen data was put up for auction with a seven-day deadline and a starting price of 50 BTC (about $2 million).

At the time, Sony’s PlayStation Studios did not respond to Cybernews’ request for comment, but it appears no ransom was paid to the hackers by the given deadline.

“Not sold data was uploaded, data hunters, enjoy,” the group wrote with a sample of the data.

Rhysida leak site. Image by Cybernews.

Part of the 1.67TB cache is a treasure trove of sensitive data: company financial information, including dozens of bank account details, credit card account numbers, contractor and HR personnel files, system users, and detailed info on C-Suite executives and board members.

Another file titled “screen guide wolverine” contains dozens of screenshots relating to an apparent upcoming "Wolverine" game release, as well as game roadmaps, budgets, and more.


The files also show the Japanese company plans to release several Marvel-inspired titles in the next decade, including "Spider-Man 3" and those based on Venom and X-Men, according to a Bloomberg report.

Insomniac and Marvel's licensing deal is as high as $621 million to develop and market the X-Men games by 2035, the report said.

Insomniac Games is an American video game developer based in Burbank, California. The company became part of PlayStation Studios after Sony Interactive Entertainment acquired it for $229 million in 2019.

Known for Spider-Man, Spyro the Dragon, Ratchet & Clank, and the Resistance franchise, Insomniac was founded in 1994 by Ted Price as Xtreme Software; a year later, it was renamed Insomniac Games.

Sony and more gaming hacks

The Tokyo-headquartered Sony Group, including its electronics division, PlayStation, and Sony Entertainment, is no stranger to cyberattacks.

In late June, the Cl0p ransom gang named Sony as one of its victims in the infamous MOVEit Transfer hacks.

More recently, in September, relative newcomer RansomedVC posted Sony on its dark web blog, but its claims were never fully confirmed.

At the time, Sony told Cybernews it was “investigating the situation.”

In 2011, the hacktivist group Anonymous infamously breached Sony’s PlayStation network in a less complicated distributed denial-of-service (DDoS) attack.

The nearly month-long attack incapacitated the PlayStation network, preventing players from accessing gaming services and compromising the personal accounts of over 77 million players.

Sony is also not the only game-maker to be hit by hackers.

Last fall, in one of the biggest gaming leaks of all time, a lone threat actor leaked multiple videos online of the upcoming Grand Theft Auto 6 video game after allegedly hacking its maker, Rockstar Games.

And this March, a pro-Russian online gamer community hacked the Ukrainian-owned GSC Game World, leaking 30GB of upcoming release materials from its S.T.A.L.K.E.R. 2 franchise, accusing the company of blatant anti-Russian sentiment.

Who is Rhysida?

The lesser-known threat actor hit the ransomware scene in late May, according to US government officials who profiled the group November 15th.

The US Cybersecurity and Infrastructure Security Agency (CISA) said Rhysida is known for going after “targets of opportunity,” including education, healthcare, manufacturing, information technology, and government sectors.

Rhysida has also been observed operating as a ransomware-as-a-service (RaaS) outfit, leasing out ransomware tools and infrastructure in a profit-sharing model.

The group reportedly engages in ‘double extortion,’ demanding a ransom payment to decrypt victim data and threatening to publish the sensitive exfiltrated data unless the ransom is paid, CISA said.

Known to initially exploit its targets using social engineering to obtain valid credentials and escalating privileges via public-facing applications, the group often sets up live auctions on its dark leak site, offering up its victims’ data to the highest bidder.


Rhysida made waves after a successful attack on the Chilean government, which included leaking stolen data online in June.

In August, the group claimed responsibility for a debilitating attack on the US healthcare conglomerate Prospect Medical Holdings, forcing several hospitals and medical facilities to suspend services for days.

Other victims hit by the gang include Washington State’s Pierce College and the Prince George’s County school district in Maryland.

The group is thought to have ties to the Vice Society ransom gang, notorious for its attacks on the education sector, primarily in the US, Canada, and the UK.

According to Ransomlooker, a Cybernews tool for ransomware monitoring, the gang has victimized more than 70 organizations over the last 12 months – more than triple the number of victims listed by US officials in August.