Major sporting events are very exciting and they attract millions of fans from all over the world. Unfortunately, they also attract cybercriminals. A while ago, authorities warned of cyberattacks that may target 2022’s Beijing Winter Olympics. Well, that didn’t happen, but a ransomware attack on the San Francisco 49ers did.
As if falling a few plays short of the Super Bowl weren’t enough, the team also had to deal with an up-and-coming ransomware operation: BlackByte.
The group behind the malware emerged last year, and it is now targeting high-profile victims. The San Francisco 49ers disclosed the breach, and we’ll shed more light on the matter in this article.
San Francisco 49ers Ransomware Attack – A BlackByte Touchdown
Ransomware attacks are on the rise and they don’t seem to be stopping anytime soon. In the first half of 2021, cybercriminals targeted more than 1,097 organizations. The numbers just got higher as the year passed.
As we mentioned, threat actors always attack high-profile targets, and the San Francisco 49ers are definitely one of those.
BlackByte is kind of new, but it is as dangerous as any other malware. The attack on the legendary team came right after the FBI issued a warning about the ransomware:
“As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).
BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.”
BlackByte usually releases its victims’ data in increasing amounts to pressure them into paying a ransom. The group added a post featuring the San Francisco 49ers’ data and how much they’re asking for decryption.
On the group’s “Leak Blog”, we can see that the threat actors stole a 292MB archive of files that includes 2020 invoices from the 49ers’ network.
Moreover, as we can see on the website, the group is asking for $530 million in ransom. We’ve included a screenshot below:
BlackByte might be a threat, but it definitely did not stop some firms from finding a solution. In fact, this Ransomware-as-a-service (RaaS) lost its mojo when cybersecurity company Trustwave decided to intervene.
It was able to create a BlackByte decryptor that users can download from GitHub. Apparently, the malware encrypted files with AES using the same key rather than unique keys for each session. In other words, it’s not as sophisticated as other ransomware operators.
The 49ers Respond
The San Francisco 49ers have become the latest victims of ransomware. However, there’s something about BlackByte we found very intriguing.
Emsisoft ransomware expert Brett Callow noted that the ransomware picks its targets carefully. He noted that BlackByte does not encrypt computers that use the languages of Russia and post-Soviet countries.
Now, as an organization, the 49ers should disclose the data breach, and they did. In a statement, a spokesperson explained the following:
“The San Francisco 49ers recently became aware of a network security incident that resulted in temporary disruption to certain systems on our corporate IT network.
Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident. Third-party cybersecurity firms were engaged to assist, and law enforcement was notified.
While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders.
As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible.”
As you can see, the team clarifies that the incident did not affect systems outside their corporate network. That includes Levi’s Stadium operations and ticket holders.
Ransomware Hits NFL – The 49ers Got BlackBitten
BlackByte launched back in July 2021 as it began targeting corporate victims worldwide. Now, their latest victim is none other than the NFL’s San Francisco 49ers.
The team disclosed the breach and an investigation is under way. Let’s hope no critical information was compromised in the process.
In the meantime, make sure you always protect yourself while online. You never know when a threat actor might set their sights on your device and data.