Ransomware Gang Says it Has Hacked 49ers Football Team

The San Francisco 49ers have been hit by a ransomware attack, with cyber criminals claiming they stole some of the football team’s financial data.

The ransomware gang BlackByte recently posted some of the purportedly stolen team documents on a dark web site in a file marked “2020 Invoices.” The gang did not make any of its ransom demands public or specify how much data it had stolen or encrypted.

The team, which is among the most valuable and storied franchises in the NFL and lost a close playoff game two weeks ago, said in a statement Sunday that it recently became aware of a “network security incident” that had disrupted some of its corporate IT network systems. The 49ers said they’d notified law enforcement and hired cybersecurity firms to assist.

“To date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” the team said in a statement, referencing its home stadium.

News of the attack comes two days after the FBI and U.S. Secret Service issued an alert on BlackByte ransomware, saying it had “compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors” since November.

Ransomware gangs, which hack targets and hold their data hostage through encryption, have caused widespread havoc in the last year with high-profile attacks on the world’s largest meat-packing company, the biggest U.S. fuel pipeline and other targets. Western governments have pledged to crack down on the cyber criminals, who operate largely in and around Russia, but have little to show for their efforts.

In the past month, ransomware victims have included operators of maritime fuel depots in Belgium and Germany and media outlets in Portugal. A cyberattack on the wireless provider Vodafone in Portugal this past week had all the hallmarks of ransomware, though the company’s CEO for Portugal said it received no ransomware demand.

BlackByte is a ransomware-as-a-service group. That means it’s decentralized, with independent operators developing the malware, hacking into organizations or filling other roles. It’s part of a trend of ransomware groups becoming increasingly professionalized. A recent report by the FBI, NSA and others said that ransomware operators are even setting up an arbitration system to resolve payment disputes among themselves.

Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said BlackByte’s malware, like many ransomware variants, is hardcoded to not encrypt systems that use Russian or languages used by certain Russian allies.

But Callow said that doesn’t mean whoever is behind the 49ers attack is in Russia or one of its neighbors.

“Anyone can use the malware to launch attacks,” he said.
