On December 12, the ransomware crew, Rhysida, threw down the gauntlet, boasting about snagging 1.67 terabytes of data – that’s a whopping 1.3 million files – from the vaults of Sony’s Insomniac Games. Their demand: a cool $2 million. Fast forward to today, and the one-week countdown for Insomniac Games to cough up the dough has ticked away. Rhysida isn’t playing nice; they’ve made good on their threat and unleashed the stolen loot, according to Cyber Daily.
What’s in the loot bag, you ask? Internal HR documents, snapshots of employees’ Slack chats, and a bunch more. But here’s the kicker – the crown jewel of the haul is info about the yet-to-be-released Wolverine video game. We’re talking level designs, characters, and actual screenshots from the game. Plus, a signed deal between Sony and Marvel spilled the beans on three upcoming X-Men games. Wolverine is the first in line, and Sony’s committing a cool $120 million per game. They’ve got to drop Wolverine by September 1, 2025, with the other two following suit by the end of 2029 and 2033.
Rhysida claims they blitzed through the defenses, snagging the domain administrator in a mere 20 to 25 minutes. Why? For the love of money, plain and simple. A Rhysida spokesperson spilled the beans, saying, “We knew that developers making games like this would be an easy target. Sony’s on the case with an investigation, but who knows how that’ll pan out.
What’s wild is that Rhysida’s first ransom note was basically an open invitation – anyone could bid on the data, not just Insomniac Games. Turns out, some folks took them up on the offer. Rhysida spilled the tea that any unsold data got thrown out into the wild, but only 98 percent of the stolen info is out there for all to see. Oh, and there’s a catch – if you bought the data, Rhysida says you can’t turn around and sell it. Will the new owners play by the rules? Your guess is as good as mine.
Rhysida had its crosshairs on Insomniac Games this time, but back in May, another attack hit the jackpot. Ransomware gang CLOP claimed credit for this one, grabbing personal data from 6,800 current and past Sony employees. The word got out in October, turning the spotlight on Sony’s cybersecurity saga.