Ransomware group claims to have hacked 'all of Sony systems,' Sony is investigating

News
By Andy Chalk
published

The group is offering the data for sale, but it's not clear yet what exactly it has.

The logo of Japanese tech giant Sony is displayed at an entrance to the company's headquarters building in Tokyo on February 2, 2022. (Photo by Behrouz MEHRI / AFP) (Photo by BEHROUZ MEHRI/AFP via Getty Images)
(Image credit: Getty Images)

Sony says it is investigating a claim by a ransomware group that says it has hacked the company's systems and is now trying to sell the data it accessed.

The hack was reported by Cyber Security Connect, which said that a group calling itself Ransomed.vc claimed to have breached Sony's systems and accessed an unknown quantity of data. "We have successfully compromissed [sic] all of Sony systems," Ransomed.vc wrote on its leak sites. "We won't ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE ... WE ARE SELLING IT."

The site said the hackers posted some "proof-of-hack data" but described it as "not particularly compelling," and also said that the file tree for the alleged hack looks small, given the group's claim that it had compromised "all of Sony's systems." A price for the hacked data isn't posted, but Ransomed.vc did list a "post date" of September 28, which is presumably when it will release the data publicly if no buyers are found.

While the hackers say they're not going to ransom the data, Ransomed.vc apparently does have a history of doing so, with a unique twist: Cybersecurity site Flashpoint said in August that Ransomed takes "a novel approach to extortion" by using the threat of the European Union's General Data Protection Regulation (GDPR) rules to convince companies to pony up. By threatening to release data that exposes companies to potentially massive GDPR fines, the group may hope to convince them that paying a little now is better than paying a whole lot later.

"The group has disclosed ransom demands for its victims, which span from €50,000 EUR to €200,000 EUR," Flashpoint explained. "For comparison, GDPR fines can climb into the millions and beyond—the highest ever was over €1 billion EUR. It is likely that Ransomed’s strategy is to set ransom amounts lower than the price of a fine for a data security violation, which may allow them to exploit this discrepancy in order to increase the chance of payment."

While the extent of the hack is unknown, Sony told IGN that it is looking into the matter: "We are currently investigating the situation, and we have no further comment at this time."

If the hackers' claim is true, this would not be the first time Sony has suffered a data security breach: A 2011 hack of Sony Online Entertainment databases resulted in a massive theft of information belonging to SOE account holders, including names, addresses, telephone numbers, login information, and credit card and banking information.

Andy Chalk
Andy Chalk

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.

See comments