iscover
David HollingworthShare this article on:
The Rhysida ransomware gang publishes 98 per cent of leaked data minutes after the ransom deadline passes – Wolverine game files included.
The Rhysida ransomware gang has posted a trove of Insomniac Games’ internal data to its darknet leak site following the passing of its ransom deadline.
The data totals 1.67 terabytes and contains more than 1.3 million files – including many that appear to belong to Insomniac’s upcoming Wolverine video game.
The gang said in its leak post that “Not sold [sic] data was uploaded, data hunters, enjoy”, and it appears some data was, in fact, sold to an enterprising bidder. Only 98 per cent of the full data set has been uploaded.
Rhysida initially made its threat to publish on 12 December after publishing limited proof-of-hack material, including passport scans, and was asking about US$2 million for the data. Any buyer, including Sony, was welcome to bid.
What’s in the leak?
The files were uploaded in three parts, each linking to an online data catalogue. Looking through the first set of data alone reveals a wide selection of level design and character materials, and even design images and jpegs – all from the Wolverine game.
The leak also includes many files from Insomniac’s Spider-Man 2 video game, as well as internal HR documents such as I-9 employment forms and termination documents. Internal screenshots of Insomniac’s Slack channels are included, and the contents of several employee PCs have also been published.
Of particular interest to gamers who are fans of the X-Men is a publishing agreement between Marvel and Sony Interactive Entertainment, signed by both Isaac Perlmutter, Marvel’s chairperson of entertainment, and Jim Ryan, Sony’s president. The document is effective as of 26 July 2021 and lists three upcoming X-Men games to be published under the agreement, the first being Wolverine and the rest as yet unnamed.
But the document does go into release dates and costings, as well as many other details. Wolverine is to be published no later than 1 September 2025, while the other two are to come before 31 December 2029 and 31 December 2033, respectively.
According to the agreement, Sony is expected to spend at least US$120 million on each title.
So far, Cyber Daily has been unable to confirm if the passports belonging to Insomniac’s staff are included in the leak.
What does Rhysida have to say?
Cyber Daily reached out to Rhysida to learn a little more about the circumstances of the attack, and it turns out Sony and Insomniac were specifically targeted – at least according to Rhysida.
“Yes, we knew who we were attacking,” a Rhysida spokesperson told Cyber Daily via email. “We knew that developers making games like this would be an easy target.”
It also turns out that the hack itself did not present much of a problem, with the spokesperson saying: “We were able to get the domain administrator within 20–25 minutes of hacking the network.”
As to Sony’s investigation of the incident, which was launched soon after the hack came to light, Rhysida has some worrying advice.
“Sony has launched an investigation, but it would be better in the backyard,” the spokesperson said.
Finally, when it comes to motivation, Rhysida said money was the only motive for the attack.
Cyber Daily has reached out to Sony for comment.
Be the first to hear the latest developments in the cyber industry.
