A brand-new threat actor is offering data purportedly stolen from Sony on the Dark Web, but debate is ongoing as to how the group obtained the entertainment giant’s data and how valuable it actually is.
An operation called “Ransomed” or “RansomedVC” — little more than a month old at this point — posted a notice to its Dark Web leak site on Monday, claiming to have “compromissed [sic] all of sony [sic] systems.” After Sony refused to pay up, the group says, it is now selling the data to the community.
However, in a post on X (formerly Twitter) for “nerds” that went up Sept. 25, vx-underground clarified that the group “did not deploy ransomware, no corporate data was stolen, services not impacted.” What it did do, it appears, was collect data from various developer tools used by the company, including Jenkins, SVN, SonarQube, and Creator Cloud Development, as well as some other likely noncritical credentials and files.
As of publication, Sony had not responded to Dark Reading’s request for comment. A Sony representative told SecurityWeek that it is investigating the situation.
What Really Occurred
To prove its accomplishment, Ransomed apparently attached a file tree for the entire leak in its Dark Web listing. However, it contains fewer than 6,000 files in all, hardly “all of Sony.”
On online message boards, hackers and interested parties alike poked fun at the discrepancy. And in one cybercrime forum post, a user by the name “Major Nelson” went a step further, publishing all of the data they claim Ransomed stole. (It is unclear how any of these parties obtained this data.) It included those infrastructure files, as well as a device emulator for generating licenses, incident response policies, “a lot of credentials for internal systems,” and more.
Major Nelson appeared to downplay the severity of it all. “You journalists believe the ransomware crew for lies. Far too gullible, you should be ashamed. RansomedVCs are scammers who are just trying to scam you and chase influence. Enjoy the leak,” they wrote.
Since its initial posting, the group itself appears to be changing its messaging. In a more recent forum post captured by SOCRadar, one Ransomed affiliate claimed that it is selling “access to Sony infrastructure.”
This is not the first time that the young threat actor has exaggerated its accomplishments.
Who Are Ransomed?
Ransomed.vc was launched on Aug. 15 as a new hacker forum. But the very next day, it was the victim of a DDoS attack. After that, its admins rebranded it as a leak site for a ransomware operation.
Ferhat Dikbiyik, head of research at Black Kite, has been tracking the group through its online channels. “The thing about this group is that we’ve recorded how many … 41 victims so far? And maybe half of them are from Bulgaria. So they really focus on small businesses in small countries,” he says.
Contrast that with its grand claims about Sony and Transunion, for which it claimed to have stolen “everything their employes [sic] ever downloaded or used on their systems.”
It is an amateur outfit, Dikbiyik explains. “I think it was two weeks ago they hacked a company, and changed their website. Website defacement is a very old-school script — the more quote-unquote ‘professional’ ransomware groups do not do that — because they do not want to expose the victim and lose leverage.”
Dikbiyik concludes: “They just want to get a reputation.”
Author: Nate Nelson, Contributing Author, Dark Reading
Date: 2023-09-26 17:20:00