Sony is looking into claims of a cyberattack this week as two separate hacker groups have claimed responsibility for the alleged hack. Initially, an extortion group named RansomedVC asserted that they had attacked Sony's systems. They claimed to have compromised all of Sony's systems and had put Sony's 'data and access' up for sale. A note on RansomedVC's onion leak site read, 'We have successfully [compromised] all of Sony systems. We wont ransom them! we will sell the data. due to Sony not wanting to pay.'
However, the data sample posted by RansomedVC was relatively small, about 2 MB, consisting of a PowerPoint presentation, some Java source code files, Eclipse IDE screenshots, and other assets. RansomedVC alleged to have breached Sony's networks and stolen 260 GB of data during the attack, which they are trying to sell for $2.5 million. Despite its name, RansomedVC is an extortion group and not a ransomware operation. They stated they are still developing an encryptor. Sony Corporation was reached out to for confirmation about the attack. A Sony Group Corporation spokesperson responded, 'We are currently investigating the situation, and we have no further comment at this time.'
However, the situation is cloudy as another threat actor, MajorNelson, has also claimed responsibility for the attack and refuted RansomedVC's claims. MajorNelson posted on BreachForums, 'You journalists believe the ransomware crew for lies. Far too gullible, you should be ashamed. RansomedVCs are scammers who are just trying to scam you and chase influence. Enjoy the leak.' MajorNelson has 'leaked for free' a 2.4 GB compressed archive, which contains 3.14 GB of uncompressed data that they claim belongs to Sony. The threat actor states that the dump contains: 'A lot of credentials for internal systems,' and files related to Sony. The archive posted by MajorNelson had all of the files that were present in RansomedVC's small sample, but definitive attribution remains a challenge. While the data shared by the attackers does appear to belong to Sony, the veracity of either threat actor's claims could not be independently verified. Sony's most notable encounter with a cyber attack prior to this week's allegations occurred in 2014 when North Korean hackers breached Sony Pictures in an attempt to censure the screening of the film, The Interview.