The ransomware gang Ransomed.vc claims to have carried out a successful ransomware attack on Sony. Remarkably, the hackers are capitalizing on GDPR laws and regulations in the process.
The Ransomed.vc ransomware gang claims to have recently hacked “all of Sony’s systems,” capturing data and offering it for sale. The post was spotted by Cybersecurity Connect. The latter is because Sony allegedly did not pay to prevent disclosure.
The gang does not appear to have locked Sony’s systems but only stole data. This includes information on an internal login page, an internal PowerPoint presentation with test bench details and some Java files. A total of 6,000 files are involved. The hackers are not providing a price for the data.
Ransomed.vc has only been active since August of this year, security experts indicate. The hackers allegedly use a unique extortion method. They use GDPR laws and regulations to extort affected companies. If companies do not pay up, they make the stolen information public, which will lead to a fine because of the GDPR. The fear of these fines should convince companies to pay the requested amount.
In addition to Sony, the hackers allegedly also affected Japanese mobile operator NTT Docomo. They would demand a ransom of $1.015 million for the captured data. Other companies have also been affected, but these are mostly smaller companies.