A recent ransomware/cyber extortion group called Ransomed. vc claims to have hacked Sony and stolen important data.
“We were able to compromise every Sony system. We won’t hold them for ransom! The data will be sold. because Sony refused to pay. Data is for sale, the gang declared on Sunday on its leak website.
Additionally, they released additional evidence to back up their claim, including a file tree of the whole breach (about 6,000 files), as well as various papers and screenshots. However, as several have pointed out, the provided evidence does not conclusively support their findings. (Sony is a huge organization with numerous subsidiaries; to claim that they have compromised “all Sony systems” is absurd.)
Sony has not yet responded to the matter and either confirmed or denied a potential hack.
“Ransomed. When examining the group’s history, vc is responsible for a string of severe attacks on financial institutions, data providers, and managed IT companies, according to Ryan McConechy, CTO of Barrier Networks, who spoke with Help Net Security. “vc may be less well-known than major ransomware gangs like Cl0p or BlackCat.
There is a good chance the claims are true, which calls for a comprehensive investigation. Furthermore, ransomware gangs avoid making misleading announcements about victims because it harms their reputations and revenue potential.
According to Mike Newman, CEO of My1Login, most times when attackers claim to have infiltrated an organization, they are telling the truth.
“Sony needs to take corrective action right away if the allegations are true. This entails using forensics to identify the stolen data and then making an effort to lower its value by updating systems.
“Sony must also notify the affected parties so that they may watch out for phishing scams and stay vigilant for future attacks. The event will serve as a reminder to train staff members about the substantial risk that modern cybercrime poses and the need for them to be on the lookout for attacks. This calls for being vigilant against phishing and social engineering scams and strengthening company defenses by eliminating staff access to credentials.
Previous Sony security lapses
Hacks are nothing new for Sony.
When its PlayStation Network (PSN) was infiltrated in 2011, 70 million customers’ passwords and personal information were stolen. It was followed by other smaller breaches.
2014 saw the major Sony Pictures Entertainment attack, which has been attributed to North Korean hackers with governmental affiliations.