Blackbyte ransomware gang claims it hacked San Francisco 49ers

The San Francisco 49ers have been hit by a ransomware attack, and cybercriminals say they stole some of the football team’s financial data.

BlackByte ransomware band recently released some of the computer documents allegedly stolen on the dark web in a file marked “Invoices 2020”. The gang did not disclose any of its rescue claims or specify how much data was stolen or encrypted.

The team, which is among the most valuable franchises and stories in the NFL and he lost a tight playoff game Two weeks ago, he said in a statement on Sunday that he had recently become aware of a “network security incident” that had disrupted some of his corporate computer network systems. The 49ers said they had notified law enforcement and hired cybersecurity companies to help.

“So far, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” the team said in a statement, referring to its stage.

The news of the attack comes two days after the FBI and the US Secret Service issued an alert about BlackByte ransomware, saying it had “engaged several US and foreign companies, including entities in at least three sectors of U.S. Critical Infrastructure “since November.

Ransomware Bandswho hacked targets and held their data hostage through encryption, have wreaked havoc over the past year with high-profile attacks on the world’s largest. meat processing companythe largest US fuel pipeline and other goals. Western governments have pledged to crack down on cybercriminals, who operate mainly in and around Russia, but have little to show for their efforts.

Last month, ransomware victims included operators of marine fuel depots in Belgium and Germany and media in Portugal. A cyberattack on wireless provider Vodafone in Portugal last week had all the ransomware badges, although the company’s CEO in Portugal said he had not received any ransomware claims.

Turnkey ransomware

BlackByte is a call ransomware group as a service. This means that it is decentralized, with independent operators developing malicious software, hacking organizations, or performing other functions. It is part of a trend that ransomware groups are becoming more professional. A recent report by the FBI, NSA and others said ransomware operators are even setting up an arbitration system to resolve payment disputes between them.

In ransomware attacks, cybercriminals encrypt the data of an organization and then demand payment to decrypt it. Brett Callow, a threat analyst at cybersecurity firm Emisoft, said BlackByte malware, like many variants of ransomware, is encrypted to not encrypt systems that use Russian or languages ​​used by certain Russian allies.

But Callow said that does not mean that anyone behind the 49ers’ attack is in Russia or one of its neighbors.

“Anyone can use malware to launch attacks,” he said.