Skip to main content

Sony is investigating an alleged ransomware attack on Insomniac

Sony is investigating an alleged ransomware attack on Insomniac

/

A ransomware group claims it will release data stolen from Insomniac Games in seven days.

Share this story

An illustration of the Sony logo.
Illustration by Kristen Radtke / The Verge

Sony is investigating claims by the Rhysida ransomware group that it stole sensitive data from Insomniac Games, including personal information for the voice actor who portrayed Peter Parker in Spider-Man 2. Australian outlet Cyber Daily reported today that the group had posted some of the data as proof of the hack and is currently auctioning the full set for around $2 million worth of bitcoin.

Some of the data published by Rhysida reportedly includes details about Insomniac’s upcoming Wolverine game, including a screenshot and some character art that Cyber Daily wrote “seems to relate to other Marvel characters” from the game. The outlet also says the data included scans of Insomniac employees’ passports, as well as one for Yuri Lowenthal, who has voiced Peter Parker in several Marvel productions, including Insomniac’s Spider-Man games.

According to a statement published by Eurogamer, Sony is “aware of reports” that there was a cyberattack at Insomniac Games, but that it doesn’t have reason to believe that any other Sony divisions were affected by this breach.

This isn’t the first breach for Sony this year. As Eurogamer noted, the company recently issued notices to about 6,800 Sony Interactive Entertainment employees who were affected by a breach in May — it was one of the many companies and governments hit by this year’s large-scale MOVEit hacks.

The US Department of Justice and Cybersecurity & Infrastructure Security Agency co-authored a cybersecurity alert last month, saying that Rhysida’s hacks of enterprise systems are “notably due to organizations lacking MFA enabled by default.” The information security wing of the US Health and Human Services Department noted in a similar alert from August that the group characterizes itself as a “cybersecurity team” in its ransomware notes, which it said mostly target educational services providers.