Hackers release footage from upcoming Wolverine game and 1.3 million other stolen files

On December 12, Rhysida, a ransomware group, announced it had taken 1.67 terabytes of data — over 1.3 million files — from Sony's Insomniac Games and requested $2 million. Now, the one-week deadline for Insomniac Games to pay Rhysida has passed, and the group has made good on its threat to release the stolen information, Cyber Daily reports.

The data includes internal HR documents, screenshots of employees' Slack conversations, and more, but the main focus is the yet-to-be-released Wolverine video game. The released files contain details about level design, characters and actual screenshots from the game. There's also a signed publishing agreement between Sony and Marvel that lays out three upcoming X-Men games, the first being Wolverine, with the other two still unnamed. However, it details that Sony — which plans to spend $120 million per game — must release Wolverine by September 1, 2025, with the others due by the end of 2029 and 2033, respectively.

Rhysida claims that it took the group only 20 to 25 minutes to get the domain administrator and that money was their sole motivation. "We knew that developers making games like this would be an easy target," a Rhysida spokesperson told Cyber Daily. "Sony has launched an investigation, but it would be better in the backyard."

Notably, Rhysida's initial ransom notice allowed anyone to bid on the data, not just Insomniac Games, and it appears some of it was bought. The ransomware group stated that any unsold data was released — but only 98 percent of stolen information is publicly available. Rhysida stipulated that any data purchased must not be resold, but who knows if the new owners will follow that rule.

Rhysida only targeted Insomniac Games within Sony, but in May, a separate attack gained access to 6,800 current and former employees' personal data. The attack, which ransomware group CLOP took credit for, became public knowledge in October.