Encrypted proxies, a ransomware organization is seeking to sell data that it claims it has stolen from Sony,perhaps including the PlayStation, online.
When the organization attempted to directly ransom Sony for the data, Sony turned down their offer, therefore the group decided to make the data available for purchase on the open market
.There is still uncertainty on the scope and type of the data breach, however evidence points to a small number of files that include HTML pages, Java resources, and log files—some of which contain Japanese characters.
PlayStation may be among the “all Sony systems” from which stolen data is being
Understandably, there are few details available about the group purportedly responsible for the ransomware attack, but a September SOCRadar assessment now appears uncannily accurate. The study talks about keeping an eye out for dark web activity and threat actors on Telegram. An organization known as Ransom Forums came under observation and declared that it will be working on a product called Ransomed.vc. The group purportedly in possession of Sony data goes by that name.
Information about the Ransomed.vc and Sony security compromise was disclosed in a Cyber Security Connect report. The groups behind the ransomware claim to have “successfully compromised [sic] all of Sony Systems” and are offering for sale all of the stolen data. Although it also indicates that the data is from “SONY.com” elsewhere, the statement clearly acknowledges having data from Sony Corporation and Sony Group Corporation. Sony and other companies have not confirmed whether the data was indeed taken or not.
However, evidence of a data leak of some type exists. Two things are offered by the ransomware group: a file tree containing all of the stolen data and a sample of the data it is selling. Perhaps more so than suggested, the data is more limited as it consists of less than 6,000 files of unknown origin. According to the Cyber Security Connects study, the leak included many HTML pages, Java resources, and log files. These files seem to include a lot of Japanese characters. The involvement of the PlayStation or PlayStation hardware was not mentioned.
The statement from Randsomed.vc also states that the reason it is making the Sony data available to the public is that a ransom attempt against Sony was not successful. Because Sony refused to pay. “DATA IS FOR SALE,” the text states. The data’s pricing is not specified. It is advised that prospective purchasers use the encrypted chat program Tox to message the ransomware gang.
If the Sony leak is real and not a fake, then the extent of the disclosure is still unclear. It’s unclear what information was obtained and whether it contains any sensitive personal or internal data. It might contain only 6,000 files related to Sony websites. The ransoms are usually not very successful with these kinds of ransomware assaults either. After disclosing Rockstar’s assets, the perpetrator of the massive recent Grand Theft Auto 6 hack was taken into custody almost six months later. Customers of Sony and PlayStation would be better off waiting to see how things work out for the time being.
