Update (26th September 2023): Sony has put out a short statement regarding the recent report about an alleged ransomware attack on the company. It told IGN: "We are currently investigating the situation, and we have no further comment at this time."
Original Story: A ransomware group by the name of Ransomed.vc claims to have compromised "all Sony systems", as reported by Cyber Security Connect. At the time of writing, the claims have yet to be verified, but the site notes the group has "racked up an impressive amount of victims" in a short span of time.
Ransomed.vc is aiming to sell the data: "We have successfully compromissed [sic] all of sony systems," it says. "We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE." Apparently, the group backs up its claims with some "proof-of-hack data", which includes screenshots of an internal log-in page, PowerPoint presentation, Java files, and a file tree, which apparently consists of fewer than 6,000 files. Cyber Security Connect notes this seems low for "all Sony systems".
The group has not listed a price but has provided contact information, and has issued a "post date" of 28th September 2023. Cyber Security Connect presumes this is when Ransomed.vc will share the entire leak wholesale if a buyer isn't found beforehand.
Unusually, Ransomed.vc considers itself not just a ransomware group, but a "ransomware-as-a-service" organisation. It claims to be a "secure solution for addressing data security vulnerabilities within companies", and operating "in strict compliance with GDPR and Data Privacy Laws". Its website states: "In cases where payment is not received, we are obligated to report a Data Privacy Law violation to the GDPR agency!"
We'll follow this story and share any developments if and when they arise.