Sony Corporation once more finds itself the target of cybercriminals as Ransomedvc data extortion group exposes an alarming breach through their dark web victim blog on Ransomdvc’s dark web victim blog on Ransomedvc claims to have successfully penetrated Sony systems; making this security incident the second major threat facing tech giant Sony after MOVEit Transfer vulnerability attacks earlier in 2014.
Ransomedvc made headlines recently when it announced on its blog that they had “successfully compromised all of Sony’s systems.” To their discredit, however, Ransomdvc also took an unusual tack, declaring: “We won’t ransom them!” as opposed to demanding money to retrieve stolen information – an accusation which Sony denied and therefore they plan on selling. Furthermore, an imminent threat looms large: Ransomedvc plans on publishing purportedly stolen details by September 28th!
Ransomedvc has presented evidence supporting their claims by providing samples of stolen data reportedly including PowerPoint presentation from Sony’s quality assurance division, internal screenshots that appear to come from within one of Sony workstations and Java files that they claim have been taken.
At this point, Tech Monitor has reached out to Sony but have received no reply.
This cyberattack follows on the heels of another breach by Russian ransomware group Cl0p, where Sony data was exposed during a global attack exploiting MOVEit Transfer software vulnerabilities and exploiting vulnerabilities within it – impacting hundreds of companies around the globe and including major names in business.
Ransomedvc first caught cybersecurity researchers’ eye back in August. According to its blog, Ransomedvc is known as the leading company in digital peace tax – another name for ransom demands which range between $54,000 and $218,000. Security firm Flashpoint notes that Ransomedvc justifies these demands by saying their demands are less costly than fines companies could face from breaking Europe’s GDPR data laws which can reach into millions. By proposing lower payments as demands can more readily acquiesced upon victims accepting demands than larger sums might. This approach may increase compliance from victims who may accede more easily to these demands than might otherwise oblige.
As Sony works through this latest security incident, tech industry watchers closely, hoping that an effective resolution protects sensitive information and keeps it out of harm’s way.