Sony has allegedly suffered a ransomware breach

Published , by Sam Chandler

A new ransomware group alleges to have stolen data from Sony Group Corporation. The group plans to sell the data but should no one buy the stolen information the group will release it and file a Data Privacy Law report to the General Data Protection Regulation agency.

On September 25, 2023, Video Games Chronicle reported that a ransomware group claims to have breached Sony’s systems. This information is based on David Hollingworth of Cyber Security Connect’s own report which includes perspective that the proof provided by the hackers is “not particularly compelling”.


Source: Cyber Security Connect

The hackers posted the following statement on the clear and dark nets:

Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan

We have successfully compromissed all of sony systems. We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE.

WE ARE SELLING IT

According to Hollingworth, the ransomware group is fairly new on the scene, having only started operating in September. Despite this short timeframe, they have managed to attack several victims.

The post by Cyber Security Connect goes on to mention that the proof-of-hack contains information such as internal log-in page, a PowerPoint presentation that describes “testbench details”, and some Java files. The hackers have also posted the file tree which contains fewer than 6,000 files. Cyber Security Connect describes this as “seemingly small” considering the ransomware is supposedly of “all of Sony systems.”

Hollingworth notes that, in the event no buyers surface, the group plans to post the data breach on September 28, 2023. The ransomware group also plans to report a Data Privacy Law violation to the General Data Protection Regulation (GDPR) agency should no one purchase their stolen data.