The Cyberattack on Insomniac Games.
By Tim Nodar, CyberWire senior staff writer
Dec 21, 2023

Rhysida has begun to publish data stolen from Insomniac Games.

Sony developer Insomniac Games sustained a massive data breach after it refused to pay a $2 million ransom to the Rhysida ransomware group, The Verge reports. The hackers published 1.67 terabytes of stolen data, including information and gameplay from the company’s upcoming Wolverine game, as well as data from several unannounced games. The leak also includes a great deal of personal information from thousands of current and former Insomniac employees. Jonathan Weissman, a principal lecturer at Rochester Institute of Technology’s Department of Cybersecurity, told Polygon, “We’re talking about non-disclosure agreements with major companies and studios, internal developer Slack communications, internal HR documents, scanned employee passports, and more.”

Industry comments.

Darren James, a Senior Product Manager at Specops Software, noted:

“According to Cyber Daily, the ransomware gang, Rhysida, those responsible for the attack on Insomniac Games/Sony, claim they managed to compromise a Domain Administrator account within 25 minutes? This highlights how easy it is to move laterally across a network once it’s compromised. Many companies think that they don’t require MFA for users when they are on the network, but examples like this seem to prove otherwise. It only takes one breached password to gain a foothold.

“Preventing attacks like this requires a multi-layered approach: first you must harden your external attack surface, but also within your network you need to adopt a zero trust approach, making sure that you have strong, unbreached passwords for all users and flexible MFA enabled, particularly on privileged accounts that have access to sensitive data.”

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, commented:

“This breach underscores the continuing trend we're seeing across all sectors—no industry is immune. The auctioning of stolen data for Bitcoin further illustrates the need for robust cyber hygiene and aggressive incident response planning. Companies must learn and adapt quickly, implementing layered defenses and educating staff to recognise and respond to evolving threats. Knowledge sharing and government-industry collaboration are critical in responding to these threats. It's no longer enough to just protect the perimeter; the key is resilience and a comprehensive security strategy that includes preparation for the 'what if'—because the 'what if' is occurring with increasing frequency.”