49ers hit by ransomware attack, team financials exposed


The 49ers would rather call it a “network security incident,” but team documents are now being posted on the dark web, and hackers may have a lot more hacked data to expose if the 49ers don’t pay.

Anyone who watched Sunday’s Super Bowl knows that cryptocurrency had its Pets.com coming out party during in-game commercial breaks, the real time of arrival for blockchain and crypto. But some blockchain and crypto enthusiasts looked to score more points on Saturday, the day before the Super Bowl, as CNN reports that a a ransomware gang has infiltrated the 49ers’ computer systemsand internal financial documents were published on the dark web.

The 49ers prefer to call it a “network security incident,” but acknowledged in a statement Sunday that they were indeed hit by a ransomware attack. “At this time, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” the team said in its statement. “As the investigation continues, we are working diligently to restore the systems involved as quickly and safely as possible.”

49ers vice president of corporate communications Roger Hacker (yes, that’s his name, say so in the comments) refused to tell CNN if it was a ransomware attack. But the Associated Press reports on ESPN that “The BlackByte ransomware gang recently released some of the allegedly stolen team documents on a dark web site in a file marked ‘Invoices 2020’.”

BlackByte is a known RaaS (ransomware-as-a-service) operator, and according to TechCrunch, the group leaked “a small number of files it claims were stolen.” So there could be a lot more to come. And it’s really part of a larger attack that the FBI and the Secret Service have warned of Friday, claiming that this BlackByte attack targeted “at least three critical infrastructure sectors in the United States (government, financial, and agribusiness facilities)”.

“Ransomware-as-a-service (RaaS)” is the co-optation of technology company terminology, and it basically means that you can buy or rent the BlackBytes malware to carry out your own attack with it. This makes it harder for law enforcement to track down the real perpetrators; it’s not necessarily the ransomware gang that did the work, it could be one of their clients. The system has become so sophisticated that, according to the AP, “ransomware operators are even setting up an arbitration system to resolve payment disputes between them.”

No ransom has been announced and this information may never become public. But these ransoms almost always ask for payment in cryptocurrency. Which is just one reason why all this blockchain mania is baffling the general public – if blockchain generates such secure and reliable transaction records, why do criminals prefer it? Wouldn’t secure and trustworthy records be enough? Easier find and arrest the criminals?

These are larger issues, and right now the 49ers (and God knows how many other breached organizations) have a more immediate problem on their hands. But in the days following the four cryptocurrency ads aired during the Super Bowlan NFL team might have a sudden need to purchase large volumes of cryptocurrency – just so they can pay off criminals with it.

Related: Hackers Execute Ransomware Attack Against Asian Art Museum [SFist]

Picture: LevisStade.com


Comments are closed.