
RansomedVC Ransomware Group Claims to Have Breached Sony Network


A ransomware group called ‘RansomedVC’ claims to have successfully breached the networks of conglomerate and entertainment giant Sony Group Corporation. It is threatening to sell the supposedly stolen data on the dark web.

According to a report by Cyber Security Connect, the ransomware group has compromised Sony’s systems and says that since the company was not willing to fulfil its ransom demands, the stolen data has already been sold. 

On its dark web portal, RansomedVC states: "We have successfully compromised [sic] all of Sony systems. We wont ransom them! we will sell the data. due to Sony not wanting to pay. DATA IS FOR SALE […] WE ARE SELLING IT."

However, since Sony has not yet confirmed the claims, it is possible that they are false, or at least overstated. 

Sony does not appear to be overly concerned about the issue, given that the ransomware group has not shared any interesting information, even though it has provided some proof-of-hack data. Reportedly, this includes images of a PowerPoint presentation from Sony's Quality Assurance Division filled with testbench information, a screenshot of an internal login page, and several Java files.

RansomedVC has also shared a file tree of the stolen data. It contains no more than 6,000 files, a small number compared with the volume of data a conglomerate of this size holds. The stolen data includes “build log files,” a wide range of Java resources, HTML files, and files displaying Japanese characters.

While the issue does not appear to be serious at the moment, it should be noted that RansomedVC was in fact behind some of the most infamous attacks, such as the attack on the Hawaiian government-owned website.

Previous Attacks on Sony

Private data from about 77 million accounts was compromised in 2011 as a result of an external breach into Sony's PlayStation Network and Qriocity services. Additionally, it made it impossible for PlayStation 3 and PlayStation Portable users to access the service. The blackout lasted for 23 days.

In 2014, Sony Pictures was hacked by a threat group called ‘Guardians of Peace.’ The organization asked that Sony delete the then-upcoming film The Interview, a comedy portraying a plan to assassinate North Korean leader Kim Jong-un. Officials came to the conclusion that the attack was supported by the North Korean government.    

RansomedVC: Ransomware Group Claims to Have Breached Sony’s Computer Systems


A newly discovered ransomware group, RansomedVC, says it has compromised the computer systems of entertainment giant Sony. The announcement was apparently made on a dark web portal.

The announcement states that Sony’s data is for sale: “Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan.

“We have successfully compromised [sic] all of Sony systems. We won't ransom them! we will sell the data. due to Sony not wanting to pay. DATA IS FOR SALE.”

Since Sony has not yet commented on the claim, it may still be false or, perhaps more likely, exaggerated.

However, if RansomedVC's claims are true, Sony does not seem to have caved to the group's demands yet.

Sony will join a rather long list of game and entertainment companies that have had data stolen or ransomed if it confirms the breach. Due to the high value and high visibility of their intellectual property, gaming companies are frequent targets for theft and extortion.

Capcom and Ubisoft were notable victims in 2020, and CD PROJEKT RED, the company behind Cyberpunk 2077 and Witcher 3, was a victim in 2021, the same year that Electronic Arts had its source code for FIFA 21 stolen. In 2022, Rockstar Games experienced a significant breach by the short-lived Lapsus$ gang, while Bandai Namco came under a ransomware attack.

If the claims are true, Sony’s customers must take measures to safeguard their data. While information on the matter is still vague, here are specific measures for a customer facing a data breach or potential ransomware attack:

  • Block potential forms of entry: Establish a plan for quickly patching vulnerabilities in internet-facing systems; disable or harden remote access such as RDP and VPNs; and use endpoint security software to detect the exploits and malware used to deliver ransomware.
  • Detect intrusions: By segmenting networks and carefully assigning access privileges, you can make it more difficult for intruders to operate inside your organization. To spot anomalous activity before an attack happens, use MDR or EDR.
  • Install endpoint detection and response software: Malwarebytes EDR, for example, can detect ransomware using a variety of detection methods and perform ransomware rollbacks to restore corrupted system data. 
  • Create offsite and offline backups.

About RansomedVC

RansomedVC was first brought to light by Malwarebytes researchers in August 2023. At the time, the ransomware group had listed details of nine of its victims on its dark web site. The threat to report victims for General Data Protection Regulation (GDPR) violations is the only deviation it makes from the typical cut-and-paste criminality of ransomware gangs. It calls itself a "digital tax for peace", although it obviously is not what it claims to be. Claims like this have been made multiple times before, and each time it is merely a money grab.