(CTN News) – Sony has appeared on the dark web victim blog of data extortion gang Ransomedvc, who claim that they have infiltrated Sony’s systems and have stolen sensitive data from its systems.
Considering Sony was breached as part of the MOVEit Transfer vulnerability attack in July, if this is confirmed, it will be the second time in a matter of months that has been breached.
There was a report on Ransomedvc’s blog that it had “successfully compromised all of Sony’s systems”, however it added that they would not be held hostage. “We won’t ransom them!”
Was the Sony cyberattack successful?
In their allegations, the gang alleges that Sony has refused to pay to retrieve the data and that it plans to sell it instead of retrieving it. There has been a threat from the company that on 28 September it will release alleged stolen information.
A sample of the data has been posted alongside these claims, reportedly containing a PowerPoint presentation from Sony’s quality assurance division, internal screenshots depicting what appears to be a Sony workstation and some Java files as well.
The company has been contacted for comment, but as of the time this article was written, Tech Monitor has yet to receive a response.
As part of its attack on businesses around the world, the ransomware group Cl0p exploited a vulnerability in download software MOVEit Transfer to gain access to Sony data as part of its attack on businesses throughout the world.
As a result of this attack, hundreds of companies around the world, including some of the biggest names in business, have fallen victim to the attack, and Sony was one of the companies that saw data stolen in June.
Is Ransome DVD a more cost-effective alternative to a GDPR fine?
The first time Ransome dvd was uncovered by cybersecurity researchers was in August of this year. This is the claim that the gang makes on its blog, claiming that they are the “leading company in digital peace taxes”.
Security company Flashpoint, which says the gang maintains it is charging less than what companies would receive as fines for breaching Europe’s GDPR data laws, says that the group’s ransom demands have so far ranged from $54,000 to $218,000, according to Flashpoint.
It is not uncommon for such fines to amount to millions of Euros. It might be a tactic to keep the payment demands as low as possible to increase the likelihood that victims will pay up, according to Flashpoint.