San Francisco 49ers hit by ransomware attack

FBI says it’s investigating pre-Super Bowl ransomware attack on the 49ers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The San Francisco 49ers NFL team was hit by a majorransomwareattack on the day of the Super Bowl.

The organization confirmed toZDNetthat it had been hit by the BlackByte ransomware group, but the attack itself was fortunately somewhat limited.

In a statement confirming the incident, the 49ers said it “recently became aware of a network security incident” that disrupted its corporate IT network, but nothing more.

Leaking data

“Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident. Third-party cybersecurity firms were engaged to assist, and law enforcement was notified,” the statement added.

“While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders. As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible.”

The ransomware operators own a leak website where they advertise the data stolen from compromisedendpointsthat they plan on leaking to the public, with the San Francisco 49ers data reportedly appearing on the site late Saturday evening, just hours before the Super Bowl.

IT workers believe ransomware is as serious as terrorism>Surge in ransomware is driving zero trust adoption>Linux systems are being bombarded with ransomware and cryptojacking attacks

ZDNetalso hints that the FBI probably knew about the hack in advance, as the law enforcement agency issued a warning about BlackByte just a day before the incident was made public.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture). BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers,” the FBI had warned.

“Some victims reported the actors used a knownMicrosoftExchange Server vulnerability as a means of gaining access to their networks. Once in, actors deploy tools to move laterally across the network and escalate privileges before exfiltrating and encrypting files. In some instances, BlackByte ransomware actors have only partially encrypted files.”

BlackByte, a Ransomware-as-a-service (RaaS) operation, was established sometime last year. The master key (a decryptor, basically), was made available in October 2021 by cybersecurity researchers from Trustwave.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Owl Labs Meeting Owl 4+ review