Tuesday, March 19, 2024

San Francisco 49ers confirm ransomware attack

The San Francisco 49ers NFL team has fallen victim to a ransomware attack that encrypted files on its corporate IT network, a spokesperson for the team has told The Record.

The team confirmed the attack earlier today after the operators of the BlackByte ransomware listed the team as one of their victims on Saturday on a dark web “leak site” the group typically uses to shame victims and force them into paying their extortion demands.

IMAGE: SCREENSHOT OF THE BLACKBYTE 49ERS EXTORTION PAGE (VIA @CYBERKNOW20)

“Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident,” the team told us earlier today.

“While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” it added.

The team said it notified law enforcement and is working with third-party cybersecurity firms to investigate the attack.

“[W]e are working diligently to restore involved systems as quickly and as safely as possible,” the team said.

Attack could have been catastrophic in “what if?” scenario

ransomware attack
ransomware

The attack could have been catastrophic if the team had qualified for Super Bowl LVI, which will take place later today.

The 49ers dramatically lost 17 to 20 after the Los Angeles Rams mounted a 4th quarter comeback in the NFC Championship game two weeks ago.

If they had made it to the Super Bowl, this ransomware attack could have seriously disrupted the team’s game preparations, bringing ransomware to the forefront of the US media cycle once again after several high-profile incidents last year, including one that took place over the 4th of July weekend.

Recommended:  US charges Ukrainian national over alleged role in Raccoon Infostealer malware operation

Nonetheless, it is unclear how the current attack will impact the team’s plan for the next NFL season/year, which will start later this month with the free agency signing period, NFL Combine event, and subsequent NFL Draft.

FBI warns about BlackByte attacks

As for the attackers, the BlackByte ransomware gang is one of the smaller ransomware operations active today, operating on a RaaS (Ransomware-as-a-Service) model where they rent out their ransomware to “affiliates” who then carry out intrusions into organizations and deploy it to encrypt files.

These “affiliates” also steal files from the hacked networks, which the BlackByte gang uses as leverage in negotiations, threatening victims that they will release the stolen files on a dark web “leak site” if they don’t pay their extortion demands.

https://twitter.com/campuscodi/status/1442807045485330435

The first BlackByte attacks were seen in September 2021, and this first version of the ransomware was not very well coded, allowing cybersecurity firm Trustwave to find a weakness and use it to create a free decrypter.

In the following weeks, the BlackByte group released a second version, without the encryption bug, which they have been using in attacks since then.

According to an FBI security alert, since November 2021, the agency said the “BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).”

The FBI released its security alert [PDF] on Friday, a day before the attack on the 49ers organization became public, which has led some security experts to believe the document might contain tactics and indicators of compromise from the current 49ers attack.

Recommended:  CISA list of 95 new known exploited vulnerabilities raises questions

You may also enjoy reading, CVEs You May Have Missed While Log4J Stole The Headlines

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.

Bookmark
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security