RICHMOND, Va. — The San Francisco 49ers have been hit by a ransomware attack, with cybercriminals claiming to have stolen some of the football team’s financial data.
The BlackByte ransomware gang recently posted some of the allegedly stolen team documents on a dark website in a file titled “2020 Invoices”. The gang has not made any of its ransom demands public or specified how much data it has stolen or encrypted.
The team, which is among the NFL’s most valuable and wealthy franchises and lost a close playoff game two weeks ago, said in a statement Sunday that it had recently become aware of a “network security incident” that had disrupted some of its corporate IT network systems. The 49ers said they notified law enforcement and hired cybersecurity firms to help.
“At this time, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” the team said in a statement, referring to its home stadium.
News of the attack comes two days after the FBI and US Secret Service issued an alert on BlackByte ransomware, claiming it had “compromised multiple U.S. and foreign companies, including entities in at least three U.S. critical infrastructure sectors” since November.
Ransomware gangs, which hijack targets and hold their data hostage through encryption, have wreaked widespread havoc over the past year with high-profile attacks on the world’s largest meatpacking company, the biggest American fuel pipeline and other targets. Western governments have pledged to crack down on cybercriminals, who operate primarily in and around Russia, but have little to show for their efforts.
In the past month, ransomware victims have included maritime fuel depot operators in Belgium and Germany and media outlets in Portugal. A cyberattack on wireless service provider Vodafone in Portugal last week had all the hallmarks of ransomware, although the company’s CEO for Portugal said he had not received any ransom demands.
BlackByte is a ransomware-as-a-service group. That means it’s decentralized, with independent operators developing the malware, hacking organizations, or fulfilling other roles. This is part of a trend towards the increasing professionalization of ransomware groups. A recent report from the FBI, NSA and others said that ransomware operators are even setting up an arbitration system to settle payment disputes between them.
Brett Callow, a threat analyst at cybersecurity firm Emsisoft, said BlackByte’s malware, like many ransomware variants, is hard-coded to not encrypt systems that use Russian or languages used by some Russian allies.
But Callow said that doesn’t mean whoever is behind the 49ers attack is in Russia or any of its neighbors.
“Anyone can use the malware to launch attacks,” he said.