A ransomware group has posted information stolen in a data breach at Sony, claiming that they’re not ransoming the data because the company refused to pay them.
The ransomed.vc group has been active for only about a month, but it has already hit dozens of companies and websites. Most of its activity is in Bulgaria, but the group had a few targets in the EU and US.
Details of the security incident popped up online as the group claimed to have stolen Sony’s data and is willing to sell it immediately.
“Sony Group Corporation, formerly Tokyo Telecommunications Engineering Corporation, and Sony Corporation, is a Japanese multinational conglomerate corporation headquartered in Minato, Tokyo, Japan,” wrote the gang. “We have successfully compromissedall ofsony systems. We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE----- File tree:linkSample Of Data:link-----WE ARE SELLING IT.”
According to a Cybersecurity Connect report, Ransomed.vc posted proof that the data is real, including some Java files, a screenshot of an internal login page and more. However, it doesn’t appear to be anything sensitive. All in all, around 6,000 files are included in the leak.
What makes it even more interesting is the fact that the group claims to be penetration testers and they threaten to report the company to the Data Protection Authorities (DPA) in various countries if they don’t pay. Basically, they’re using the fear of a GDPR fine to coerce victims.
The gang also seems to be working both sides, as a hacking group and as a ransomware-as-a-service (RaaS) provider, which we don’t usually see because they would be in competition with its operators.