"All of Sony Systems" was allegedly infiltrated by a new ransomware group.
Photo of "SONY" on top of Sony HQ building.

A new group of baddies claims that they have "successfully compromised all of Sony systems" in a new ransomware attack.

This report comes from Australian cybersecurity site Cyber Security Connect in a new post made on September 25. The report says that Sony was infiltrated by some hackers calling themselves Ransomed.vc, a group that reportedly began operations in September. Cyber Security Connect suggests that members of the group had previous ties to dark web forums and groups related to hacking.

Cyber Security Connect says that the hack shows screenshots that are allegedly of Sony's internal log-in page. It also saw an allegedly internal PowerPoint presentation about test bench information, various Java files, and a document tree showing the entire leak that seems to include just 6,000 files.

Among those 6,000 files are various pages of documentation. There are "build log files" included, plus those Java files, and HTML data. Many of the included files are reportedly in Japanese.

"We have successfully compromissed [sic] all of sony systems. We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE(...) WE ARE SELLING IT"
Despite claiming that they are trying to sell the data, the hacker group did not list a price. They did however leave contact details for Sony to get in touch with them and mentioned a "post date" of September 28. That could be when Ransomed.vc plans to begin selling it or when they plan to just release all of the data to the world.

According to additional details supplied by VGC, Ransomed.vc looks to be a "ransomware operator and a ransomware-as-a-service organization." The group claims to offer a "secure solution for addressing data security vulnerabilities within companies," while also operating "in strict compliance with GDPR and Data Privacy Laws."

The group also notes, "In cases where payment is not received, we are obligated to report a Data Privacy Law violation to the GDPR agency." That is certainly an interesting move on Ransomed.vc's part.

So far, Sony has not issued any statement on this alleged hack.

In 2011, Sony's PlayStation Network suffered a severe security breach. That breach resulted in account details for roughly 77 million users being compromised. PlayStation Network was also taken offline for over three weeks straight as a result of that 2011 hack. Sony was on the receiving end of almost 55 class-action lawsuits as a result of that 2011 breach. That breach and the way it was initially handled was so severe that Sony had to explain to Congress what happened as well as offering several PlayStation 3 and PSP games as an apology to users. Overall, the total cost to Sony for this breach ended up at around $171 million (USD).

Without knowing exactly what was in those 6,000 files taken in this recent intrusion, it's a little difficult to say how severe this new breach is. It doesn't seem like it's as severe as the 2011 breach but it's still too early to tell for sure.