View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 25, 2023

Hackers say Sony is refusing to pay up after cyberattack

Ransomedvc, the group behind the alleged breach, says it will offer the information for sale.

By Claudia Glover

Sony has appeared on the dark web victim blog of data extortion gang Ransomedvc, who claim to have infiltrated the company’s systems and stolen sensitive data. If confirmed, it will be the second time Sony has been breached in a matter of months, after the business was hit as part of the MOVEit Transfer vulnerability attacks.

Sony appears on the dark web victim blog of Ransomedvc. (Photo by Sundry Photography/Shutterstock)

Ransomedvc wrote on its blog that it had “successfully compromised all of Sony’s systems”, but added: “We won’t ransom them!” 

Sony cyberattack a success?

The gang alleges that Sony has refused to pay to retrieve the data, and says it plans to sell it instead. It is threatening to release the allegedly stolen information on 28 September.

Samples of the data have been posted alongside these claims, reportedly featuring a PowerPoint presentation from Sony’s quality assurance division, internal screenshots displaying what could be a Sony workstation, and some Java files. 

Tech Monitor has contacted the company for comment but has yet to hear back at the time of writing. 

The alleged attack comes months after Russian ransomware group Cl0p gained access to Sony data as part of its attack on businesses around the world which exploited a vulnerability in file transfer software MOVEit Transfer. Hundreds of companies around the world, including some of the biggest names in business, have fallen victim to the attack, and Sony saw data stolen in June as part of the first wave of breaches.

Ransomedvc: cheaper than a GDPR fine?

Ransomedvc was initially uncovered by cybersecurity researchers in August. On its blog, the gang claims to be the “leading company in digital peace tax”.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The group’s ransom demands have so far ranged from $54,000 to $218,000, according to security company Flashpoint, which says the gang maintains it is charging less than the fines companies would receive for breaching Europe’s GDPR data laws. Such fines can run into millions of Euros. Keeping demands lower might be a tactic to increase the chances of victims making the payment, Flashpoint said.

The researchers have doubted the legitimacy of some of the group’s claims. “Ransomed lists several companies as victims who have not paid their ransom,” the Flashpoint report says. “The payments of these companies are currently listed as ‘pending’, while a previous version of the site listed the payments as ‘pending/cancelled’.”

The gang is rumoured to include former moderators of now-closed data leak forums such as BreachedForums, meaning it may be trying to extort companies with data that is already publicly available. 

Read more: Signal adds quantum-resistant encryption to its protocol

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.