Sep 27, 2023 10:51:00

In response to the hacking allegations, Sony releases a statement saying it has ``started an investigation'', but another hacker appears who says ``I actually did it'' and the situation is confusing

On September 25, 2023, it was confirmed that a ransomware group called RansomedVC claimed to have stolen Sony data. RansomedVC emphasizes that it has ``hacked all of Sony's systems'' and says it will sell the data, but it has become clear that Sony has launched an investigation into this matter.

Sony investigates cyberattack as hackers fight over who's responsible

https://www.bleepingcomputer.com/news/security/sony-investigates-cyberattack-as-hackers-fight-over-whos-responsible/

Sony Investigating After Hackers Offer to Sell Stolen Data - SecurityWeek

https://www.securityweek.com/sony-investigating-after-hackers-offer-to-sell-stolen-data/

RansomedVC claims to have obtained just under 6,000 files, including screenshots of Sony's internal login page, PowerPoint documents outlining test benchmark details, and numerous Java files. RansomedVC threatened to sell it as-is without directly demanding a ransom from Sony.

Ransomware group claims to have hacked all of Sony's systems - GIGAZINE

In response to the incident, Sony issued a statement to some media outlets stating that they had ``begun an investigation.''

Regarding this incident, the security company Cyber ​​Security Connect points out that ``There were fewer than 6,000 files, which is a small number considering that it claims to have hacked any system.'' RansomedVC has released 2MB of sample data and claims that ``Actually, we stole 260GB of data.We will sell these for 2.5 million dollars (approximately 370 million yen).''

As suspicions of hacking swirl, another hacker, MajorNelson, has issued a statement saying that he was ``involved in the attack,'' and refutes that ``RansomedVC is a liar.'' In contrast to RansomedVC, MajorNelson is releasing a 2.4GB compressed file for free, stating, ``Journalists believe the lies of ransomware gangs. They are too gullible and should be ashamed. 'He's just a scammer trying to gain influence by deceiving people,' he said.

According to BleepingComputer, the file published by MajorNelson includes authentication information for internal systems, information about SonarQube and

Creators' Cloud , incident response policy, etc. The same files as those published by RansomedVC were also included, but BleepingComputer concluded that ``In the end, it is still unclear who acquired the information.''

Furthermore, RansomedVC claims that it also targeted NTT Docomo on the same day it revealed information about Sony. Nearly 40 targets are listed on the RansomedVC group website, and the maximum ransom demand is $1 million (approximately 149 million yen).