While Sony emphasized that the breach was contained within the software platform and did not extend to its wider network, sensitive data from 6,791 individuals in the United States fell into the hands of a financially motivated Russian ransomware actor known as Cl0p.
In a concerning turn of events, Cl0p wasted no time and included Sony on its data leak site, offering the stolen information for sale. It appears that Sony opted not to engage in negotiations or meet the ransom demand. The dark web advertisement posted by a threat actor named Ransomed.vc included a small sample of the data, featuring screenshots of an internal login page, an internal PowerPoint presentation, and some Java files. The advertisement claimed that “all of Sony systems” had been compromised.
