Details of the Ransomware Attack
While Rhysida claims to have pilfered undisclosed amounts of sensitive data from Insomniac, specifics remain elusive. Low-quality screenshots released by the cartel include snippets of confidential internal emails, copies of passports and personal ID cards, and intriguing glimpses of game assets or gameplay.
The stolen data is on the auction block for a limited time, with over six days remaining. The opening bid is a hefty 50 BTC, equivalent to roughly $2 million. Notoriously, ransomware actors often employ tight deadlines to pressure their victims into paying, creating a sense of urgency and panic.
Cybernews reached out to Insomniac’s owner, PlayStation Studios, for comment, but as of publishing, no response has been received. The lack of a statement from the gaming giant adds an air of mystery to the situation.
In a post on the dark web blog, Rhysida challenges potential bidders, stating, “With just seven days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data. Open your wallets and be ready to buy exclusive data. We sell only to one hand [sic], no reselling, you will be the only owner.”
Insomniac Games, based in Burbank, California, became part of PlayStation Studios following Sony Interactive Entertainment’s acquisition in 2019 for $229 million. With a rich history dating back to its founding as Xtreme Software in 1994, the studio has consistently delivered popular franchises, including Marvel’s Spider-Man, Ratchet & Clank, Resistance, and Spyro the Dragon.
Rhysida’s Menace on the Cyber Ransomware Scene
Rhysida ransomware, a relatively new entrant to the cybercriminal landscape, first surfaced in May. The US Cybersecurity Infrastructure and Security Agency (CISA) identifies it as a threat actor impacting diverse sectors, including education, healthcare, manufacturing, information technology, and government.
Rhysida isn’t limited to direct attacks; it also operates as a ransomware-as-a-service (RaaS) outfit, leasing its tools and infrastructure in a profit-sharing model. The group is suspected to have connections with Vice Society, a notorious threat group known for targeting the education sector in the US, Canada, and the UK.
Rhysida gained notoriety after successful attacks on the Chilean government and the Prospect Medical Group, leaking stolen data in June and August, respectively. According to Ransomlooker, a Cybernews tool for ransomware monitoring, Rhysida has victimized nearly 50 organizations in the past 12 months.
This isn’t the first time Sony has faced the threat of ransomware. In late June, the Cl0p ransom gang claimed Sony as one of its victims in the infamous MOVEit Transfer hacks. We’ve actually made a blog already on this attack, which you can read here. Sony Interactive Entertainment, responsible for developing PlayStation consoles, acknowledged that thousands of its former employees had their data exposed in what is deemed the largest breach of 2023.
Conclusion
As the dark web auction for Insomniac Games’ stolen data unfolds, the gaming industry grapples with the growing menace of ransomware. The Rhysida cartel’s brazen tactics and successful exploits underscore the urgent need for heightened cybersecurity measures across sectors vulnerable to cyber threats.
We hope you’ve enjoyed this blog. Be sure to watch out for our future weekly blog releases and thanks for reading!
