A recently created group of hackers dedicated to ransomware – kidnapping systems and data for which a ransom is demanded – called Ransomed.vc, claims to have accessed all the systems of the multinational Sony Group Corporation and has made the captured data available. the sale. The company has not commented on this information. Faced with the uncertainty, thousands of Sony PlayStation console users have canceled their accounts on that platform as a precaution in case their data has been compromised.
The message from Ransomed.vc notes: “We have successfully compromised all Sony systems. Because Sony doesn’t want to pay, we will sell the data. The data is for sale. We sell them.” To support their claims, the hacking group provides some evidence that doesn’t look very solid, including screenshots of an internal login page and an internal PowerPoint presentation outlining the details of the testbed and various files in Java language.
The group of cybercriminals has also published a tree of files, which according to the Cibersecurity Connect website, which accessed the hackers’ first information, appears to have less than 6,000 files, a figure that seems too small for a leak that has compromised all of them. the systems of the Japanese multinational. These supposedly stolen data are related to computer systems and many of them contain Japanese characters. Although Ransomed.vc has not publicly set the price it is asking for this alleged leak, it has left its contact information through the Tox messaging service, Telegram and email.
Cybercriminals have also set today as the “publication date”, it is understood that in the event that no one pays for the data. But it is something that confuses something else about this situation. Ransomed.vc presents itself as a “secure solution to address data security vulnerabilities within companies” and further states that it acts “in strict compliance with GDPR – General Data Protection Regulation of the European Union, for its acronym in English-. In an example of the group’s blackmailing nature, it states: “In cases where payment is not received, we are obliged to report a violation of the Data Privacy Law to the GDPR agency!”
The company has not offered an official communication on the matter, although a Sony representative told the SecurityWeek website that it is “investigating the situation and has no further comments to make.” Information about the possible data leak caused global searches for “delete PlayStation account” to skyrocket by 233%, according to an analysis by the SecureCheats website on Google Trends data. The alarm among players of the popular Sony console has a precedent that justifies it. In 2011, the network of its video game system was hacked and the data of 77 million users was leaked. The PlayStation Network was down for a period of almost a month.
Yesterday Cibersecurity Week published information that adds a little more confusion to this alleged data leak: a hacker named MajorNelson – in reference to the nickname of Larry Hryb, a popular Microsoft employee who worked on the Xbox console – accused in a publication the journalists from believing “the lies” of the ransomware group. “RansomedVC are scammers who only try to scam you and chase influence,” he told informants. In such a situation, the company has to investigate whether a leak has actually occurred. Maybe today we will clear up doubts.
