Ransomware group Rhysida has posted 1.67 terabytes of data spanning 1.3 million files on its darknet site, obtained from game developer Insomniac.
The hack took place on December 12, followed by a demand made to the company. When this was not fulfilled, 98 per cent of the full data set was uploaded to the darknet, with the remaining files being sold.
Many of the files and leaks are now being discussed and shared on other platforms like Reddit and Imgur, spreading the content still further.
Read on for all you need to know about Rhysida and what they hacked from Insomniac.
Who hacked Insomniac?
Rhysida is a ransomware group, believed to originate from Russia or CIS. This isn't the first hacking job they have completed, having already attacked the British Library in October of this year, as reported by the Guardian.
Ransomware gangs like Rhysida work by infecting organisations' computers with malicious software known as malware, making them inaccessible internally, and often lifting files and data to separate locations.
Typically, access to the computers, information, or both are then ransomed back to the organisation, as is the case with Insomniac.
What were their demands?
In the case of Insomniac, Rhysdia demanded at least 50 bitcoin, the equivalent of around £1,750,000, while trying to auction off the data.
Insomniac did not fulfil the demands, resulting in 1.67 terabytes of data, including 1.3 million files, being released.
A further two per cent of data was auctioned off to external buyers, separate to Insomniac.
A spokesperson for Rhysida told Cyber Daily that the motive for the hack was entirely financial, describing companies like Insomniac as an “easy target”. Reportedly, it took the Rhysida team “20-25 minutes” to get to the domain administrator.
What details did the company leak?
The data leaked includes footage and files of character designs and level plans from Insomniac’s upcoming Wolverine game, as well as the studio’s release slate for the next 12 years.
The game studio’s projected slate of releases until 2035 is laid out in multiple presentations, featuring highly anticipated games like future Spider-Man and Ratchet & Clank games, a new intellectual property launch, and the apparent extension of Wolverine into an ongoing series of X-Men games.
Plans for a suite of online games based on Insomniac’s Marvel superhero properties were also leaked, although may be out of date or subject to change.
In addition to specific gaming content, there are sensitive details of the terms of Insomniac’s publishing agreement with Marvel, including budgets, commercial plans for upcoming games, and Sony strategy documents.
These reference unannounced projects with other studios, such as Guerrilla Games and Bluepoint Games, as well as Insomniac's internal view of the acquisition of Activision Blizzard by gaming rival Microsoft.
In addition, files related to HR documents have been released, including Slack messages and the contents of several employees’ computers. The HR documents also feature photocopies of some employee passports, revealing the personal information of individuals.
The Evening Standard has contacted Insomniac Games for a response.