Sony Group facing another ransomware attack

Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan

Ransomware group Ransomed<dot>vc claims to have successfully breached Sony Group and is threatening to sell a cache of stolen data to the Japanese company. While its claims remain unverified, Cyber Security Connect reports that the relative ransomware newcomer has "racked up an impressive number of victims" since bursting onto the scene last month. "We have successfully compromised [sic] all Sony systems," the group claimed on both the clean and dark web. "We will not buy them out! We will sell the data. Because Sony does not want to pay. THE DATA IS FOR SALE."

According to Cyber Security Connect, the group has released some proof-of-hack data, though it says it's "not particularly compelling information at first glance." It includes what appear to be screenshots of the internal login page, an internal PowerPoint presentation, several Java files, and a leak file tree that appears to contain less than 6,000 files. Most Ransomed <dot>vc members are said to be operating outside of Ukraine and Russia.

The price demanded for the theft is not stated. The group asked potential buyers to contact it via the Tox messaging service.

Sony isn't the only company listed on the Ransomed.vc dark web. The group also claims to have hacked Japanese mobile operator NTT Docomo and is demanding a $1.015 million ransom for not disclosing the stolen data. There are also dozens of other victims on the site, though most are small businesses.

Ransomed.vc first appeared in late August. Incident response analyst Ron Kaminsky wrote on LinkedIn that the group adopted a unique tactic involving the European Union's General Data Protection Regulation. The group threatens compromised companies with the prospect of GDPR fines after their sites are breached.

"Essentially, Ransomed VC is using the fear of these significant fines to extort money from companies," Kaminsky explained. "This is an unusual approach, as most extortion or ransomware groups typically focus on encrypting data and demanding a ransom for its release, rather than exploiting data protection laws for financial gain."

At the time of writing, Sony has neither confirmed nor denied that it was attacked by Ransomed.vc.

Sony made a fortune with the Walkman, a device that was popular in its own right thanks to the ubiquity of double-decker cassette decks, allowing for both radio recording and cassette swapping. Then Sony's record company division got too deep in bed with their consumer electronics division...Minidisc/NetMD were innovative products for their time, but they used DRM at levels that other things didn't.

Assuming Ransomed.vc's claims are true, this isn't the first time Sony has been hacked. The company was targeted by North Korea-linked hackers in 2014, which delayed the release of a film about North Korea. The hack also led to network problems, embarrassing revelations of internal correspondence and secrets, including finances and film scripts, and the release of celebrity personal information.

The problem of stolen data from game companies is not new, as earlier this year Riot Games experienced a "social engineering attack" that affected its upcoming releases. Riot confirmed that the attackers had targeted and successfully obtained the source code for titles such as League of Legends and Teamfight Tactics, but made it clear that they would not pay the ransom that the hackers demanded.

Sony has yet to comment on the alleged data hack and Ransomed.vc's apparent demands, nor is it known what exactly has been done or what steps Sony will take to protect consumers.

The company has previously been the target of hackers, who had to infamously disable servers for the PlayStation Network on April 20, 2011, after an "external intrusion" led to the compromise of personal information from millions of accounts.

Sony has been fined £250,000 ($396,100) by UK regulators for a "serious breach" of data protection law at the time, which they say "could have been prevented".