Ransomware gang says hacked 49ers football team

Richmond, Virginia (AP) — The San Francisco 49ers have been hit by a ransomware attack, claiming that cybercriminals stole some of the football team’s financial data.

Ransomware gang BlackByte recently posted some of the allegedly stolen team documents to a file labeled “2020 Invoices” on the dark website. The gang did not publish the ransom request or specify the amount of data stolen or encrypted.

One of the NFL’s most valuable and renowned franchises, the team that lost the playoffs two weeks ago recently reported in a statement on Sunday that it was a “network security incident” that disrupted some of the company’s IT. He said he noticed. The 49ers notified law enforcement agencies and said they hired a cybersecurity company to help.

“So far, there is no indication that the incident involves systems outside the corporate network, such as Levi’s Stadium operations or systems related to ticket owners,” the team said in a statement. Mentioned.

Attack news arrives two days after the FBI and the US Secret Service Issued an alert As for BlackByte ransomware, “several US and foreign businesses have been compromised, including at least three US critical infrastructure sector entities,” since November.

The ransomware gang, which hacks targets and holds data hostage by encryption, caused havoc with the world’s largest attack last year. Meat packaging company, maximum U.S. fuel pipeline And other targets. Western governments have promised to crack down on cybercriminals operating primarily in and around Russia, but show little indication of their efforts.

Last month, ransomware victims included operators of offshore fuel depots in Belgium and Germany and the Portuguese press. The cyberattack on wireless provider Vodafone in Portugal last week had all the characteristics of ransomware, but the company’s CEO in Portugal said there was no demand for ransomware.

BlackByte is a ransomware group as a service. This means that independent operators are decentralized by developing malware, hacking organizations, and playing other roles. This is part of the growing expertise of the ransomware group. According to recent reports by the FBI, NSA, etc., ransomware operators Arbitration system To resolve payment disputes between them.

Brett Callow, a threat analyst at cybersecurity firm Emisoft, said BlackByte malware, like many ransomware variants, does not encrypt systems that use Russian or the language used by certain Russian allies. Said it was hard-coded.

But Callow said it doesn’t mean that the person behind the 49ers attack is in Russia or one of its neighbors.

“Anyone can use malware to launch an attack,” he said.

Posted on