    Suspicious New Ransomware Group Claims Sony Hack

    By justmattg, September 26, 2023


    A new threat actor is offering files purportedly stolen from Sony on the Dark Web, but debate is ongoing as to how the group obtained the entertainment giant’s data and how valuable it actually is.

    An operation called “Ransomed” or “RansomedVC” — little more than a month old at this point — posted a notice to its Dark Web leak site on Monday, claiming to have “compromissed [sic] all of sony [sic] systems.” After Sony refused to pay up, the group says, it’s now selling the data to the community.

    But in a post on X (formerly Twitter) for “nerds” that went up Sept. 25, vx-underground clarified that the group “did not deploy ransomware, no corporate data was stolen, services not impacted.” What it did do, it seems, was collect data from various developer tools used by the company, including Jenkins, SVN, SonarQube, and Creator Cloud Development, as well as some other likely noncritical credentials and files.

    As of publication, Sony had not responded to Dark Reading’s request for comment. A Sony representative told SecurityWeek that it’s investigating the situation.

    What Actually Happened

    To prove its accomplishment, Ransomed apparently attached a file tree for the entire leak in its Dark Web listing. However, it contains fewer than 6,000 files in all, hardly “all of Sony.”

    On online message boards, hackers and interested parties alike poked fun at the discrepancy. And in one cybercrime forum post, a user by the name “Major Nelson” went a step further, publishing all of the data they claim Ransomed stole. (It’s unclear how any of these parties obtained this data.) It included those infrastructure files, as well as a device emulator for generating licenses, incident response policies, “a lot of credentials for internal systems,” and more.

    Major Nelson seemed to downplay the severity of it all. “You journalists believe the ransomware crew for lies. Far too gullible, you should be ashamed. RansomedVCs are scammers who are just trying to scam you and chase influence. Enjoy the leak,” they wrote.

    Since its initial posting, the group itself appears to be changing its messaging. In a more recent forum post captured by SOCRadar, one Ransomed affiliate claimed that it’s selling “access to Sony infrastructure.”

    This isn’t the first time that the young threat actor has exaggerated its accomplishments.

    Who Are Ransomed?

    Ransomed.vc was launched on Aug. 15, as a new hacker forum. But the very next day, it was the victim of a DDoS attack. After that, its admins rebranded it as a leak site for a ransomware operation.

    Ferhat Dikbiyik, head of research at Black Kite, has been tracking the group through its online channels. “The thing about this group is that we’ve recorded how many … 41 victims so far? And maybe half of them are from Bulgaria. So they really focus on small businesses in small countries,” he says.

    Contrast that with its grand claims about Sony and Transunion, for which it claimed to have stolen “everything their employes [sic] ever downloaded or used on their systems.”

    It’s an amateur outfit, Dikbiyik explains. “I think it was two weeks ago they hacked a company, and changed their website. Website defacement is a very old-school script — the more quote-unquote ‘professional’ resume groups do not do that — because they do not want to expose the victim and lose leverage.”

    Dikbiyik concludes: “They just want to get a reputation.”


