Ransomed.vc claims they have hacked Sony. Read below.
Ransomed.vc, a relatively new player in the cyber threat landscape, has emerged on the scene since September, despite some connections to previous online forums and groups. However, within this short timeframe, the group has managed to accumulate a significant number of victims, with Sony being one of them.
On their leak sites, accessible on both clear and dark web channels, Ransomed.vc has boldly stated, “Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan.” This description appears to be directly lifted from Wikipedia.
The group goes on to assert, “We have successfully compromised all of Sony systems. We won’t ransom them! We will sell the data due to Sony not wanting to pay. DATA IS FOR SALE.” In no uncertain terms, they emphasize, “WE ARE SELLING IT.”
While Ransomed.vc has provided some proof-of-hack data, the evidence is not particularly substantial at first glance. It includes screenshots of an internal login page, an internal PowerPoint presentation detailing test bench details, and several Java files.
Additionally, Ransomed.vc has shared a file tree of the entire data leak, which appears to consist of fewer than 6,000 files. This may seem relatively modest considering their claim to have compromised “all of Sony systems.” The contents include “build log files,” various Java resources, and HTML files, with many featuring prominently displayed Japanese characters.
Notably, the group has refrained from specifying a price for the data but has provided contact details for the Tox messaging service, along with Telegram and email information. They have also indicated a “post date” of September 28, 2023, implying that if the data remains unpurchased, Ransomed.vc intends to release it publicly on this date.
As of the time of this report, Sony has not officially acknowledged any potential security breach on its websites. We have reached out in writing to Sony for confirmation of any cybersecurity incidents.
Ransomed.vc appears to function both as a ransomware operator in its own right and as a ransomware-as-a-service organization. They are currently seeking “affiliates” to join their ranks.
What sets Ransomed.vc apart is its unique approach to ransomware, claiming to be not only a “secure solution for addressing data security vulnerabilities within companies” but also to operate “in strict compliance with GDPR and Data Privacy Laws.” They emphasize that, “In cases where payment is not received, we are obligated to report a Data Privacy Law violation to the GDPR agency!” on their leak site.