Wolverine part of massive Insomniac Games leak after ransomware deadline passes
Footage of Insomniac’s upcoming Wolverine game has started widely circulating on X after hackers published troves of internal data from its developer. Cyber Daily reports that a total of 1.67 terabytes of data comprising over 1.3 million files has been released by the Ryhsida ransomware gang, which announced that it had stolen the data in a hack on December 12th. At the time, the group announced an auction price for the data starting at 50 bitcoins, roughly $2 million, and a seven day deadline to pay.
Alongside level design and character materials from Wolverine, the leak seemingly includes several internal company presentations containing details on unannounced Insomniac and Sony games, screenshots of internal spreadsheets, and details on development and marketing budgets. Wolverine is reportedly named as the first in a trilogy of planned X-Men titles, with the second and third games due for release before the end of 2029 and 2033 respectively, according to Cyber Daily. There’s also mention of a third Spider-Man game, a game based on Venom, and a new entry in the Ratchet and Clank franchise.
Sony did not immediately respond to The Verge’s request for comment on the release of the hacked materials. When Ryhsida announced the hack last week, Sony said it was investigating, adding that it had “no reason to believe that any other SIE or Sony divisions have been impacted.”
The company has also been impacted by the MOVEit cyberattacks this year. In October Bleeping Computer reported that Sony Interactive Entertainment had notified around 6,800 current and former employees of a breach that exposed personal information. The group behind that attack was separate from the latest Insomniac hack; ransomware group Cl0p claimed responsibility in June. Sony’s film division, Sony Pictures, was the target of a major hack almost a decade ago in 2014, in which personal information about employees and internal emails was leaked publicly in an attack believed to be sponsored by the North Korean government.
Rhysida was the subject of a cybersecurity alert published last month that was co-authored by the US Department of Justice and Cybersecurity & Infrastructure Security Agency. The alert noted that Rhysida has been seen to use VPNs to connect to internal company systems from the outside, often using compromised credentials with “organizations lacking MFA enabled by default.”
When contacted by Cyber Daily, a representative from Rhysida said that its attack was motivated by money. “We knew that developers making games like this would be an easy target,” they said.
Read the full article Here