Details Emerge on the RansomVC Group That Claims Sony Attack Responsibility
Analysts Weigh In
Photo by Mikhail Nilov on Pexels
A new cybercrime threat actor has made headlines after claiming to have stolen data from Sony. The unidentified group, known as "Ransomed" or "RansomedVC", posted a notice to its Dark Web leak site on Monday claiming to have "compromised [sic] all of Sony’s systems".
Despite their claims, security experts are debating the value of the data and how it was obtained. It appears that the group collected data from various developer tools used by the company, including Jenkins, SVN, SonarQube, and Creator Cloud Development, as well as some other likely noncritical credentials and files.
Sony has yet to comment on the situation. However, a Sony representative told SecurityWeek that they are investigating the incident.
To prove their accomplishment, Ransomed attached a file tree for the entire leak in their Dark Web listing. However, the file tree contains fewer than 6,000 files, which is a far cry from the group's claim of "all of Sony".
On online message boards, hackers and interested parties alike have poked fun at the discrepancy. One user, by the name of "Major Nelson", even went a step further by publishing all of the data that they claimed Ransomed stole.
Since their initial posting, the group appears to be changing its messaging. In a more recent forum post, one Ransomed affiliate claimed that they are selling "access to Sony infrastructure".
Ferhat Dikbiyik, head of research at Black Kite, has been tracking the group through its online channels. He believes that the group is an amateur outfit.
"The thing about this group is that we've recorded how many … 41 victims so far? And maybe half of them are from Bulgaria. So they focus on small businesses in small countries," Dikbiyiv said, as he was quoted by Dark Reading.
Dikbiyik explains that the group is likely trying to make a name for themselves by exaggerating their accomplishments. He concludes: "They just want to get a reputation."
The threat posed by RansomedVC is still unknown, and as of yet, it is unclear how much of a threat the group poses. Sony is still investigating the situation and has yet to comment. In the meantime, security experts urge businesses to remain vigilant and take any necessary steps to protect their data.