Sony is Hacked, Who is Behind It?

The Ransomed.vc hacking group claimed yesterday that they successfully breached Sony's servers. They stated they now have a substantial trove of sensitive information covering every aspect of the Japanese corporation's operations. 

Nevertheless, several malicious groups are asserting responsibility for this major data breach, further complicating matters. Moreover, many have even disseminated contradictory data to add to the confusion. Presently, Sony is conducting an investigation into the incident. 

“We are currently investigating the situation, and we have no further comment at this time,” Sony said. According to Ransomed.vc's statement, it appears that Sony may have rejected the group's ransom request. The group has stated that if no buyer comes forward, the data will be made public on September 28. 

According to multiple sources, the group is demanding $2.5 million (£1.97 million) for the data.

What has been compromised?

Even though the group asserts it has breached "all of" Sony's systems, the evidence supporting this claim is somewhat lacking and does not entirely align with its statements. However, a portion of the purported evidence for the hack is a file system tree displaying the extracted data. This tree seems to contain fewer than 6,000 files, with a significant number of them apparently in Japanese. 

“We have successfully compromised [sic] all of sony systems. We won’t ransom them! We will sell the data. Due to Sony not wanting to pay. DATA IS FOR SALE,” Ransomed.vc said on its website. 

The information the group released included various files, which they say came from Ransomed.vc. Whether this is really where the data in the supposed hack came from is a major area of disagreement. 

  • SonarQube
  • Sony's certificates
  • Creators Cloud
  • A device emulator for license generation
  • Qasop security
  • Incident response policies, and other materials.

Ransomed.vc shared pictures of a Sony login screen and a PowerPoint presentation. Right now, we're not sure exactly how much information they might have gotten hold of, but BleepingComputer estimates it could be around 260GB in total. 

Back in 2014, Sony suffered its most notorious hack. It was reported that a team of North Korean hackers targeted Sony Pictures in response to the movie "The Interview." The breach resulted in the exposure of Sony's upcoming film projects and the personal details of their employees. This breach involved a staggering 100 terabytes of data.

Sony Launches Investigation After Hackers Threaten to Sell Stolen Data on Dark Web

 

It's likely that you have seen the prominent headlines about the "Sony data breach 2023" and are wondering whether you are at risk. Sony is likewise unaware of what is happening at the moment, but it has at least begun investigating.

Sony has once again found itself in the crosshairs of a cyber attack, this time from the ruthless group known as 'Ransomed.vc' claiming to have successfully breached the tech giant's networks. The gang has stated its aim to sell the stolen data on the black market. 

Earlier in the week, Ransomed.vc boldly claimed that it had accessed "all Sony systems" and was ready to dump the stolen data because the company was supposedly "unwilling to pay" a ransom. The group went a step further, warning that if no purchasers materialised by Thursday, September 28, it may start publicising the stolen information. 

Despite the gravity of these allegations, it is critical to recognise that they remain unverified. However, Ransomed.vc did provide some evidence in the form of posted files (about 6,000 in total). This pales in comparison to the broad claim that it compromised "all Sony systems," including your beloved PlayStation. 

In response to these concerning developments, Sony said on September 26 that it had launched an investigation. The company's spokesperson replied, "We are currently investigating the situation, and we have no further comment at this time." 

Sony's measured response reflects the gravity of the problem and the importance of conducting an in-depth investigation into the suspected breach. 

As the investigation into the Sony Data Breach 2023 progresses, there is still some ambiguity over the scope of the data that "Ransomed.vc" accessed and whether any consumer personal information has been stolen. The stakes are unquestionably high, and Sony will be meticulously investigating the situation and securing its networks with the assistance of cybersecurity professionals.

The current Sony cyber controversy is being closely watched across the globe. It serves as an alarming reminder of the constantly changing landscape of online risks and the crucial role that cybersecurity measures play in protecting private information in an interconnected world.

RansomedVC: Ransomware Group Claims to Have Breached Sony’s Computer Systems


A newly discovered ransomware group, RansomedVC, claims to have exploited the computer systems of entertainment giant Sony. Apparently, the announcement was made on a dark web portal.

The announcement states that Sony’s data is for sale: “Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan.

"We have successfully compromised [sic] all of Sony systems. We won't ransom them! we will sell the data. due to Sony not wanting to pay. DATA IS FOR SALE.”

Since Sony has not yet commented on the claims, they may still be false or, perhaps more likely, exaggerated. 

However, if RansomedVC's claims are true, Sony seems to have not yet caved to their demands.

Sony will join a rather long list of game and entertainment companies that have had data stolen or ransomed if it confirms the breach. Due to the high value and high visibility of their intellectual property, gaming companies are frequent targets for theft and extortion.

Capcom and Ubisoft were notable victims in 2020, and CD PROJEKT RED, the company behind Cyberpunk 2077 and Witcher 3, was a victim in 2021— the same year that Electronic Arts had its source code for FIFA 21 stolen. In 2022, Rockstar Games experienced a significant breach by the short-lived Lapsus$ gang, while Bandai Namco came under a ransomware attack.

If the claims are true, Sony’s customers must take measures to safeguard their data. While the information on the matter is still vague, here are specific measures to take in case of a data breach or potential ransomware attack:

  • Block potential forms of entry: Establish a strategy for swiftly correcting internet-facing system vulnerabilities; disable or harden VPNs and RDP remote access; and utilize endpoint security software to identify malware and exploits that spread ransomware. 
  • Detect intrusions: By segmenting networks and carefully allocating access privileges, you can make it more difficult for intruders to operate inside your company. To spot anomalous activity before an attack happens, use MDR or EDR.
  • Install endpoint detection and response software: Malwarebytes EDR, for example, can detect ransomware using a variety of detection methods and perform ransomware rollbacks to restore corrupted system data. 
  • Create offsite and offline backups.

About RansomedVC 

RansomedVC was first brought to light by Malwarebytes researchers in August 2023. At that time, the ransomware group had listed the details of nine of its victims on its dark web site. The threat to report victims for General Data Protection Regulation (GDPR) violations is the only deviation it makes from the typical cut-and-paste criminality of ransomware gangs. While it obviously is not what it claims to be, a "digital tax for peace", it does call itself that. This has been said multiple times before, and each time it is merely a money grab.  

Cl0p Ransomware Targets Sony, EY, and PwC in MOVEit Transfer Cyberattack

 

The recent attack, which commenced earlier this month, has the potential to become one of the largest cyberattacks in history. Its victims include various entities from the public and private sectors in the United States, United Kingdom, and other countries.

Reports suggest that Cl0p, the cybercriminal group behind the attack, claims to possess data from prominent organizations like Sony, as well as leading accountancy firms EY and PwC. In a statement, Cl0p warned that it possesses approximately 120GB of data from PwC, which it may release if its demands are not met.

However, Cl0p denies having any data from government agencies, emphasizing that its focus lies solely on exploiting private companies for financial gain. The group clarifies on its blog that it receives numerous emails regarding government data but promptly deletes such information, as its motivations are primarily monetary and not political.

Typically, ransomware groups deny possessing sensitive government information, especially if they believe that holding such data would invite closer scrutiny from law enforcement agencies.

Notable organizations affected by the security vulnerability in MOVEit Transfer, a widely used secure file transfer system, include British Airways, the BBC, and Boots. These entities informed their staff that their data may have been compromised following a breach of payroll platform Zellis, which is used by all three companies.

Cl0p denies having any data from Zellis: in an email exchange with the BBC, the group claimed that it does not possess the information and has notified Zellis about it. The group asserts a longstanding policy of truthfulness, stating that if it says it doesn't have certain data, it genuinely does not possess it.

The hackers allegedly set a deadline of 14 June for the affected companies to pay a ransom, or else their data would be exposed online. However, no information has been leaked thus far, raising the possibility that other cybercriminals may also be taking advantage of the MOVEit Transfer vulnerability. 

The software vendor, Progress Software, disclosed the vulnerability on 31 May, but no other hacker group has publicly claimed responsibility for stealing data through this exploit.