Sony investigating potential ransomware attack on Insomniac Games unit

Sony said it is looking into reports of a ransomware attack on its subsidiary Insomniac Games, the studio behind popular titles like Spider-Man, Spyro the Dragon and more.

On Tuesday, the Rhysida ransomware gang claimed to have attacked Insomniac Games, giving the video game developer six days to respond to their undisclosed ransom demand.

In a statement to Recorded Future News, a Sony Interactive Entertainment (SIE) spokesperson said they are aware of reports that “Insomniac Games has been the victim of a cyber security attack.”

“We are currently investigating this situation,” they said. “We have no reason to believe that any other SIE or Sony divisions have been impacted.”

The Rhysida ransomware gang – named after centipedes – first emerged in late May 2023 and has already claimed major attacks on government institutions in Portugal, the Dominican Republic, Kuwait, Chile and the Caribbean island of Martinique.

The gang drew headlines in the U.S. for its devastating attack on Prospect Medical Holdings – which operates 16 hospitals in several states and was forced to redirect ambulances as a result of the incident.

In November, the top cybersecurity agencies in the U.S. released an advisory on the gang’s operations warning that it has “predominantly been deployed against the education, healthcare, manufacturing, information technology, and government sectors since May 2023.” The advisory cites several cybersecurity reports drawing links between the gang and another ransomware operation named Vice Society.

Insomniac Games would be far from the first gaming studio to face attack in recent years, with dozens of the biggest game makers dealing with ransomware incidents and more.

Gaming giants like Rockstar, Activision Blizzard, Bandai Namco, Capcom, CD Projekt Red and Riot Games have each dealt with cybersecurity incidents over the last three years. Both Ubisoft and Crytek were hit by the Egregor ransomware gang in 2020.

In 2021, cyberattackers began selling access to Electronic Arts games and servers after a hack. A hacker defaced the in-game interface of Apex Legends in June 2021 and French video game maker Ubisoft said in December that a misconfiguration in its IT infrastructure exposed gamer data for players of its Just Dance video game series.