Over 1.3 million files totaling 1.67TB have been leaked by the Rhysida ransomware group after a cyberattack on developer Insomniac Games.
The data includes extensive details on the upcoming PlayStation-exclusive Wolverine game, such as gameplay footage, level designs, and information on a planned trilogy of X-Men titles to be released by 2033.
The hackers are attempting to auction off the stolen data for over $2 million in Bitcoin after Insomniac failed to meet a ransom payment deadline last week.
The same group hacked the British Library in November with a similar type of extortion plot.
Rafe Pilling, the director of threat research at cybersecurity firm Secureworks, said, “This a classic example of a double extortion ransomware attack and they are using the threat of leaking or selling stolen data as leverage to extort a payment.”
Sony, Insomniac’s parent company, says it is investigating the breach but has not paid the ransom.
In addition to Wolverine assets, the leak contains sensitive internal information on unannounced Insomniac and Sony games including upcoming Spider-Man games, budgets, and employee data.
Sony has been the target of several major cyberattacks over the past decade, including the 2014 North Korean-sponsored Sony Pictures hack.
In that case, over 100TB of confidential data was stolen, including personal information about employees and their families, confidential emails, details about unreleased films, and more in what is thought to be retaliation over the movie The Interview.
More recently, gameplay footage from Grand Theft Auto VI was leaked after a cyberattack on Rockstar Games.
The Rhysida group says it targeted Insomniac because game developers are profitable and easy ransomware targets.