In a startling revelation, the digital world has been hit with another cyberattack, this time on the global entertainment behemoth, Sony. The culprits behind this audacious hack are relative newcomers to the ransomware arena, operating under the name Ransomed.vc.
Who is Ransomed.vc?
Ransomed.vc emerged on the ransomware scene in September, with tenuous links to former forums and groups. Despite its nascent presence in the ransomware ecosystem, it has quickly gained notoriety for claiming several significant cyber victories. Sony, the Japanese multinational conglomerate headquartered in Minato, Tokyo, is the latest in their line of victims.
Claims and Threats
Ransomed.vc’s public statement, sourced from both clear and dark net leak sites, hints at the enormity of the breach. The group, borrowing a description from Wikipedia, announced their successful compromise of Sony’s systems. In an unusual turn, the group stated its intention not to ransom Sony but to sell the allegedly acquired data, citing Sony’s unwillingness to pay.
The bold assertion, “WE ARE SELLING IT”, leaves no room for ambiguity regarding their intentions. While the group has presented proof of the hack, the provided evidence—a few screenshots of an internal login page, an internal PowerPoint about test bench details, and some Java files—doesn’t provide concrete affirmation of the breach’s extent.
Additionally, Ransomed.vc has shared a file tree of the purported leak. However, skeptics have pointed out that the less than 6,000 files presented seem underwhelming for a company of Sony’s stature and infrastructure. The displayed files encompass “build log files,” Java resources, and HTML files, with a notable presence of Japanese characters.
The group hasn’t specified a price for the data. Instead, they’ve furnished contact details, implying negotiations are welcome. Moreover, a concerning “post date” of 28 September 2023 indicates a potential release date for the data if it remains unpurchased.
At the time of this report, Sony has remained silent on the issue. There is no public acknowledgment of any cybersecurity breaches on their official platforms. Efforts to get a response from Sony regarding the alleged incident are ongoing.
The Dual Face of Ransomed.vc
Ransomed.vc’s operations aren’t limited to mere ransomware attacks. They’ve positioned themselves as a ransomware-as-a-service entity, actively recruiting affiliates. What sets them apart from other ransomware groups is their audacious claim of operating within the legal parameters of GDPR and Data Privacy Laws.
They argue that their activities provide a “secure solution” for addressing corporate data vulnerabilities. In a rather ironic twist, Ransomed.vc asserts that if a victimized company does not pay, the group would report a Data Privacy Law violation to GDPR agencies.
The rise of Ransomed.vc underscores the evolving and complex landscape of cyber threats. Sony’s alleged breach, if proven true, is a testament to the advanced capabilities of even newly emerged cybercrime groups. Organizations, irrespective of their size, must remain vigilant, ensuring robust cybersecurity measures are in place.
The Sony incident serves as a stark reminder of the digital age’s vulnerabilities. As cybercriminals continue to advance their techniques, the urgency for robust cybersecurity frameworks and international cooperation to combat such threats becomes paramount.