Sony, the multinational conglomerate corporation, is reportedly facing a significant cybersecurity issue. A ransomware group known as Ransomed.vc claims to have compromised all Sony systems, according to Cyber Security Connect. While these claims remain unverified at this time, they could have serious implications if proven true. This article aims to provide a detailed understanding of the alleged breach, the data that could be at risk, and the unusual business model of Ransomed.vc.
Details of the Alleged Breach
The Claims Made by Ransomed.vc
The ransomware group, Ransomed.vc, has stated that they have successfully compromised all Sony systems. What makes this case unusual is that the group has no intention of ransoming the data back to Sony. Instead, they plan to sell it. They attribute this decision to Sony's unwillingness to pay a ransom for the data.
Supporting Evidence Provided
To lend credibility to their claims, the group has released what they term as "proof-of-hack data." This includes screenshots of an internal login page, a PowerPoint presentation, Java files, and a file tree. The latter supposedly comprises fewer than 6,000 files—a number that Cyber Security Connect deems low, considering the claim of compromising "all Sony systems."
Sale and Disclosure Timeline
Ransomed.vc has not disclosed the asking price for the compromised data. However, they have provided contact information and have set a "post date" of 28th September 2023. Cyber Security Connect interprets this as the date by which the group intends to share the leaked data publicly if no buyer steps forward.
Unique Business Model: Ransomware-as-a-Service
Interestingly, Ransomed.vc identifies itself as more than just a ransomware group. They describe themselves as a "ransomware-as-a-service" organization. The group claims to operate within the legal framework of GDPR and Data Privacy Laws. According to their website, they would report any Data Privacy Law violations to the GDPR agency in cases where payment is not received.