A recently emerged ransomware group known as RansomedVC has claimed that it successfully infiltrated the computer systems of the entertainment giant Sony. This announcement was made on the group’s dark web platform, where they typically auction off data stolen from their victims’ computer networks.
In their statement, RansomedVC declared that they had compromised all of Sony’s systems and indicated their intention to sell the data. This decision came after Sony refused to meet the group’s ransom demands. As of now, Sony has not officially responded to these claims. It’s important to note that we are currently hearing only one side of the story, and that side comes from a group of cybercriminals. Consequently, the extent of Sony’s compromise remains unconfirmed, and the claims may be exaggerated or false.
If RansomedVC’s claims are accurate, it would be commendable that Sony did not yield to the group’s ransom demands. In some cases, businesses opt to pay extortionists, and while we don’t pass judgment on those decisions, it’s certainly worth applauding when they choose not to do so.
In the event that Sony has indeed suffered a security breach, it’s understandable that their customers will be concerned about safeguarding their data. However, with limited information available at this time, it’s premature to provide specific guidance. We recommend consulting our data breach guide for essential information if you find yourself in such a situation.
Should Sony confirm the breach, it would join a growing list of gaming and entertainment companies that have experienced data theft or ransomware attacks. These companies are attractive targets due to the high value and visibility of their intellectual property. Notable victims in recent years include Capcom and Ubisoft in 2020, CD PROJEKT RED in 2021 (the creators of Cyberpunk 2077 and Witcher 3), Electronic Arts in the same year (with the theft of FIFA 21 source code), Bandai Namco in 2022, and Rockstar Games, which suffered a significant breach at the hands of the short-lived Lapsus$ gang.
RansomedVC is a relatively new ransomware group that first came to public attention in August 2023 when it disclosed details of nine victims on its dark web platform. The group deviates slightly from the typical modus operandi of ransomware groups by threatening to report victims for General Data Protection Regulation (GDPR) violations. They describe themselves as a “digital tax for peace,” although this claim is merely a guise for their profit-seeking activities, as we have seen countless times before.
To protect your organization from ransomware attacks, consider the following precautions:
- Block Common Entry Points: Implement measures to block common entry points for cybercriminals. Create a plan to promptly patch vulnerabilities in internet-facing systems, disable or strengthen remote access methods like RDP and VPNs, and employ endpoint security software capable of detecting exploits and ransomware delivery.
- Detect Intrusions: Enhance your organization’s security by segmenting networks and carefully managing access rights. Utilize EDR (Endpoint Detection and Response) or MDR (Managed Detection and Response) solutions to identify unusual activity before an attack occurs.
- Prevent Malicious Encryption: Deploy Endpoint Detection and Response software, such as Malwarebytes EDR, which employs various detection techniques to identify ransomware and provides rollback capabilities to restore damaged system files.
- Maintain Offsite, Offline Backups: Keep backups stored offsite and offline to ensure they are beyond the reach of attackers. Regularly test these backups to guarantee swift restoration of essential business functions.
- Prevent Repeat Attacks: In the aftermath of an attack, isolate the outbreak and eliminate all traces of the attackers, including their malware, tools, and entry methods, to reduce the risk of future attacks.