On September 25, a ransomware group that calls itself Ransomed.vc put out a message claiming it successfully hacked into Sony’s systems and stole valuable data. The group which was formed just last month already has an impressive track record of breaching the firewall of big corporations.
According to an article posted by the Australian cybersecurity publication Cyber Security Connect, Ransomed.vc has deep connections with dark web forums and groups.
Sony Cyberattack: Ransomware Group’s $2.5 Million Data Heist
The hacker group has since launched a Sony leak website on the clear and dark web where they posted a message declaring that all of the company’s systems were compromised and even threatened to sell the stolen data if Sony did not pay them.
To prove they were not bluffing, Ransomed.vc published a proof-of-hack comprising screenshots of Sony’s internal system log-in pages, PowerPoint presentations detailing test bench scores of its upcoming devices, and several programming files.
Cyber Security Connect said the group posted an entire file tree of the leak that appears to have less than 6,000 files, which the publication said was a small number considering all systems of a megacorporation like Sony were hacked. The documents also included “build log files”, Java resources, and several HTML files that featured prominently Japanese characters.
Ransomed.vc Demand Sony To Pay $2.5 Million For Returning Stolen Data
In their message, the ransomware group said they had stolen 260 GB worth of data and wouldn’t be ransoming them. Instead, they are threatening to sell the files to whoever is willing to pay $2.5 million for it.
Ransomed.vc has left contact details on the leak website for Sony to get in touch and warned that if the company does not make the payment before September 28, they will simply post the data online.
The Group Uses Data Privacy Laws To Bully Victims Into Submission
An interesting piece of information revealed about the group was that they are both a ransom operator and a ransomware-as-a-service organization that seems to function in strict compliance with the European Union’s General Data Protection and Regulation (GDPR) and other regional data privacy laws.
Ransomed.vc, whose members are said to operate out of Russia and Ukraine, reports data privacy vulnerabilities and violations by company systems to relevant authorities. Cybersecurity analysts say the group leverages credible laws to bully its victims into submission.
In a similar fashion, the ransomware group said if it does not receive a ransom payment from Sony, it will be obligated to report the incident as a case of data privacy law violation to the EU GDPR.
Discover more: Hackers Exploit Alphapo Hot Wallet For $31 Million
Sony’s Suffered Heavy Losses In A 2011 Hack On The PlayStation Network
However, this is not the first time the tech giant’s internal systems have been compromised. Back in 2011, Sony’s PlayStation Network (PSN) suffered a massive hack, which resulted in the personal details of approximately 77 million users being leaked. The breach caused the PSN to go offline for nearly a month, disrupting game launches and customer services and causing over $170 million in damages to the company.
At the time, Intelligence officials from the United States evaluated the software, techniques, and network sources used in the hack to determine that it was sponsored by the government of North Korea.
Sony had to face 55 class-action lawsuits and agreed to pay $17.5 million, or $2,500 per head, as compensation to PSN users to settle the case. Affected players were given the option to download three PlayStation 3 (PS3) or PlayStation Portable (PSP) games for free or get a three-month subscription to PlayStation Plus.
Responding to questions about the latest hack, Sony said it is currently investigating the case with the help of cybersecurity agencies and law enforcement officials.
So far, over 3 GB worth of uncompressed data belonging to the company has been dumped on hacker forums by the ransom-as-a-service organization.