The 49ers Hit by Blackbyte Ransomware Attack
The NFL Team Recently Became the Victim of a Ransomware Attack That Caused a Temporary Disruption of Its IT Network.
The San Francisco 49ers (sometimes known as the San Francisco Forty Niners) are an American football club from the San Francisco Bay Area that competes in the National Football League.
Originally a founder member of the All-America Football Conference (AAFC), the club became a member of the National Football League (NFL) in 1949 when the leagues merged. The San Francisco 49ers were the first major league professional sports club to be headquartered in the city, and they are the NFL’s 10th-oldest franchise overall.
Between 1981 and 1994, the San Francisco 49ers won five Super Bowls.
BleepingComputer confirmed that the team was the victim of an attack, which briefly disrupted parts of its information technology network.
The team did not confirm whether the ransomware was successfully delivered, but stated that it was still in the process of restoring systems, implying that the devices were most likely encrypted.
The San Francisco 49ers recently became aware of a network security incident that resulted in temporary disruption to certain systems on our corporate IT network. Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident.
Third-party cybersecurity firms were engaged to assist, and law enforcement was notified.
While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders.
As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible.
The BlackByte gang claimed responsibility for the 49ers’ hack yesterday, just as the NFL was getting ready for the 2022 Super Bowl, by starting to release data that it says consists of files stolen from the 49ers’ network server.
The exposed data is a 292MB package of files that the threat actors claim are 2020 bills stolen from the 49ers’ network.
BlackByte often leaks its victims’ data in increasing volumes to put further pressure on them to pay.
The amount of data taken during the attack on the 49ers is not known at this time, although BlackByte has stolen gigabytes of data from past victims.
The BlackByte ransomware first appeared in July 2021, when it started targeting businesses around the globe.
As my colleague Antonia explained, BlackByte, like other ransomware, encrypts its victims’ files. Afterward, victims usually receive a ransom note on their computer screen stating that they have to pay a ransom in order to have their files decrypted.
When gaining initial access to a business network, the ransomware gang is known to exploit security flaws, which demonstrates the need to have the most up-to-date software versions installed at all times.
How Can Heimdal™ Help?
In the fight against ransomware, Heimdal™ Security offers its customers an integrated cybersecurity suite that includes the Ransomware Encryption Protection module, which is universally compatible with any antivirus solution and is 100% signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).