Spider-Man Devs Insomniac Hit By Alleged Ransomware Attack [Update]

Insomniac Games, the PlayStation-owned developer behind Marvel’s Spider-Man and the upcoming Marvel’s Wolverine, was reportedly breached by a ransomware gang that claims to have stolen employees’ personal data and unreleased information about its upcoming X-Men action game.

According to reports by the Australian cybersecurity site CyberDaily and the U.K.-based tech news site Computing, the Rhysida group claimed to have infiltrated Insomniac Games’ security systems to access personal data of current and former employees, like passport scans, emails, and signed documents with confidential information. On top of that, Rhysida claimed to have personal information about Yuri Lowenthal, the voice actor who plays Peter Parker in Insomniac’s Spider-Man games.

Rhysida also claims to have acquired screenshots and character art for Marvel’s Wolverine, the hotly anticipated action-adventure game Insomniac is currently working on. According to the reports, the hackers say they have obtained character art for other Marvel characters that will appear in the game. On its leak site, Rhysida said Insomniac Games has seven days to respond or all the data will get published. At the same time, the collective is auctioning the information to anyone willing to buy it, with a starting bid of 50 Bitcoin (roughly $US2 million).

“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” Rhysida said. “Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!”

Who Or What Is Rhysida?

As is common with cybersecurity attacks, such as the one against Capcom in November of 2020, “Rhysida” is both a group and a malware. According to Computing.co, the gang is relatively new, and its activities were first reported on in May 2023. It largely focuses on U.K. institutions, though, targeting the likes of The British Library and King Edward VIII’s Hospital, where the Royal Family obtains medical care.

The ransomware developed by Rhysida is said to have severe negative impacts. It primarily affects Microsoft Windows users, and uses phishing attacks to trick employees and compromise devices by encrypting files and demanding a ransom to regain access. The software then swiftly moves through the network, attaching a “.rhysida” extension to all affected files.

On November 15, government agencies including the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), raised red flags about Rhysida and its malicious software. In a joint statement, the three agencies said the software has “predominately been deployed against the education, healthcare, manufacturing, information technology, and government sectors” since making itself publicly known in May. The agencies urged organizations to strengthen their cybersecurity to “reduce the likelihood and impact of Rhysida ransomware and other ransomware incidents.”

In a statement to VGC, Sony acknowledged the reports of the Insomniac hack and said it currently has “no reason” to believe that other subsidiaries were targets of the ransomware.

“We are aware of reports that Insomniac Games has been the victim of a cyber security attack,” Sony said. “We are currently investigating this situation. We have no reason to believe that any other SIE or Sony divisions have been impacted.”

Kotaku reached out to Insomniac Games and Sony for comment.

Sony, which owns Insomniac Games, has been hacked two previous times this year. The first incident occurred in May, with a group claiming to have stolen the data of nearly 7,000 current and former employees. Then in September, another group said it had breached the entire company in one fell swoop.

Update 12/12/23, 1:20 p.m. ET: Added a statement Sony gave to VGC.