
Blackbyte ransomware gang claims it hacked San Francisco 49ers

The San Francisco 49ers were hit by a ransomware attack, with cybercriminals claiming to have stolen some of the football team’s financial data.

The BlackByte ransomware gang recently posted some of the allegedly stolen documents on the dark web in an “Invoices 2020” file. The gang did not disclose any of its ransom demands, nor did it specify how much data it had stolen or encrypted.

The team, which is one of the most valuable and historic franchises in the NFL and lost a close playoff game two weeks ago, said in a statement on Sunday that it had recently been notified of a “network security incident” that had disrupted some of its corporate IT systems. The 49ers said they had alerted law enforcement and hired cybersecurity companies to help.

“To date, we have no indication that this incident involves systems outside of our corporate network, such as those associated with Levi’s Stadium operations or ticket holders,” the team said in a statement, referring to its home stadium.

The news of the attack comes two days after the FBI and the US Secret Service issued a warning about the BlackByte ransomware, saying it “has endangered many US and foreign companies, including entities in at least three vital areas in the US” by November.



Ransomware gangs, which hack targets and hold their data hostage through encryption, have wreaked havoc in the past year with high-profile attacks on the world’s largest meat processing company, the biggest US fuel pipeline and other targets. Western governments have pledged to crack down on cybercriminals, who are heavily active in and around Russia, but have little to show for their efforts.

Last month, ransomware victims included operators of offshore fuel depots in Belgium and Germany and media outlets in Portugal. A cyberattack on wireless service provider Vodafone in Portugal last week had all the hallmarks of ransomware, although the company’s CEO for Portugal said it had not received any ransom demand.

Turnkey ransomware

BlackByte is a so-called ransomware-as-a-service group. This means that it is decentralized, with independent operators developing malware, breaking into organizations, or taking on other roles. It’s part of a trend of ransomware groups becoming more and more professional. A recent report by the FBI, NSA and others stated that ransomware operators are even setting up an arbitration system to resolve payment disputes between them.

In ransomware attacks, cybercriminals encrypt an organization’s data and then demand payment to decrypt it. Brett Callow, a threat analyst at cybersecurity company Emsisoft, said BlackByte malware, like many variants of ransomware, was coded to avoid encrypting systems that use Russian or languages used by certain Russian allies.

But Callow said that did not mean that anyone behind the attack on the 49ers was in Russia or one of its neighbors.

“Anyone can use malware to launch attacks,” he said.
