Ransomware Group Claims ‘All of Sony Systems’ Hacked | #ransomware | #cybercrime

Sony has apparently had all of its data stolen in a ransomware attack, but is refusing to pay to stop the data being sold.

As Cyber Security Connect reports (via VGC), the data theft is being claimed by new ransomware group The group says, “We have successfully compromissed [sic] all of sony systems. We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE … WE ARE SELLING IT.”

Proof of the successful hack comes in the form of screenshots of internal Sony login pages, an internal PowerPoint presentation, Java files, and a file tree of the available files. However, the amount of data being sold is less than 6,000 files, which seems a little light considering the claim of “all sony systems” being hacked.

The small size of the available data, combined with Sony not being willing to pay for or even acknowledge the hack publicly yet, suggests this may not be a serious breach. We don’t have long to wait to find out how serious, though. If the group doesn’t find a buyer by Sept. 28, the data is expected to be released publicly for all to see. If a buyer is found, then clearly valuable information was grabbed. Either way, Sony needs to release a statement publicly to clarify what, if anything, has been stolen.

According to risk intelligence company Flashpoint, is a rather unusual ransomware group. It encourages its victims to pay ransom demands of between $50,000 and $215,000 as a way of avoiding potential GDPR fines if the data is leaked. Those fines can be in the millions.

The most serious data breach Sony suffered happened back in 2011 when the PlayStation Network was compromised. The details of 77 million PSN users were exposed and Sony took the service offline for weeks in order to upgrade security. The hack was handled so badly, even Congress slammed Sony for its slow reaction to the massive security breach. UK regulators fined the company $400,000 for not doing more to prevent it.

Source link

National Cyber Security