Spider-Man game creator claimed by ransom gang

Ransomware cartel Rhysida has targeted video gaming developer Insomniac Games, known for Spider-Man, Spyro the Dragon, and Ratchet & Clank. The gang is auctioning stolen data starting at $2 million in digital currency.

Rhysida claims to have stolen “exclusive, unique, and impressive data” from Insomniac, but there are no details as to the amount or contents.

However, low-quality screenshots put up by the gang include some confidential internal emails, copies of passports and personal ID cards, and images of game assets or gameplay.

The data is put up for auction for one week, with more than six days left on the clock, the starting price is set to 50 BTC (about $2 million). Ransomware actors are known to pressure companies into paying ransoms by setting short deadlines.

Cybernews reached out to Insomniac owner PlayStation Studios for comment but did not receive a reply before publishing.

“With just seven days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data. Open your wallets and be ready to buy exclusive data. We sell only to one hand [sic], no reselling, you will be the only owner,” Rhysida’s post on the dark web blog reads.

Insomniac Games is an American video game developer based in Burbank, California. The company became part of PlayStation Studios after Sony Interactive Entertainment acquired it for $229 million in 2019.

Insomniac was founded in 1994 by Ted Price as Xtreme Software, a year later, it was renamed Insomniac Games.

The latest offering from Insomniac Games is Marvel’s Spider-Man 2, released on October 20th. Other franchises include Ratchet & Clank, Resistance, and the popular Spyro the Dragon series.

Rhysida ransomware is a newcomer to the cybercriminal scene, first observed in May this year. The US Cybersecurity Infrastructure and Security Agency (CISA) describes it as a threat actor known to impact “targets of opportunity”, including education, healthcare, manufacturing, information technology, and government sectors.

Rhysida has also been observed operating as a ransomware-as-a-service (RaaS) outfit, leasing out ransomware tools and infrastructure out in a profit-sharing model.

Cybernews reported that Rhysida is also thought to have ties to Vice Society, another notorious threat group known for its attacks on the education sector, primarily in the US, Canada, and the UK.

Rhysida made waves after a successful attack on the Chilean government, which included leaking stolen data online in June and the Prospect Medical Group in August.

According to Ransomlooker, a Cybernews tool for ransomware monitoring, the gang has victimized nearly 50 organizations over the last 12 months.

In late June, Sony was claimed as one of the Cl0p ransom gang victims in the infamous MOVEit Transfer hacks. Sony Interactive Entertainment, a Sony branch responsible for developing PlayStation consoles, said that thousands of its former employees had their data exposed in the largest breach of 2023.