San Francisco 49ers Have Been Hit by a Ransomware Attack


The San Francisco 49ers have been hit by a ransomware attack, with the hackers claiming to have stolen part of the football team’s financial data.

Some of the allegedly stolen team documents were recently leaked on a dark web site by the ransomware gang BlackByte in a file labelled “2020 Invoices.” The gang didn’t make any of their ransom demands public, nor did they say how much data they had stolen or encrypted.

The team, which is one of the most valuable and storied in the NFL and recently lost a close playoff game, said in a statement Sunday that it had recently become aware of a “network security incident” that had impacted several of its corporate IT network systems. The 49ers said they had alerted authorities and enlisted the help of cybersecurity firms.

The team claimed in a statement that “to date, we have no indication that this problem includes systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders.”

The attack comes only two days after the FBI and the US Secret Service issued a warning about the BlackByte ransomware, which had “compromised many US and foreign businesses, including entities in at least three US critical infrastructure sectors” since November.

Ransomware gangs, which hack organisations and encrypt their data, have wreaked havoc in the last year with high-profile attacks on the world’s largest meatpacking company, the country’s largest gasoline pipeline, and other targets. Western governments have promised to crack down on cyber criminals operating primarily in and around Russia, but their efforts have so far yielded little fruit.

Maritime fuel depot operators in Belgium and Germany, as well as media outlets in Portugal, have all been victims of ransomware in the last month. Although the hack on Vodafone in Portugal this week bore all the signs of ransomware, the firm’s CEO for Portugal declared the business had received no ransom demand.

BlackByte operates as a ransomware-as-a-service business. That means it is decentralised, with independent operators creating malware, breaking into businesses, and filling other functions. It’s part of a growing trend of ransomware organisations becoming more professionalised. Ransomware operators are even setting up an arbitration system to resolve payment issues among themselves, according to a new study by the FBI, NSA, and others.

BlackByte’s software, like many ransomware variants, is hardcoded not to encrypt systems that use Russian or languages spoken by select Russian allies, according to Brett Callow, a threat analyst at cybersecurity firm Emsisoft.

But, according to Callow, that doesn’t indicate the perpetrators of the 49ers attack are from Russia or one of its neighbours.

“Anyone can launch attacks using the malware,” he stated.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, she was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.