The American football team the San Francisco 49ers is currently recovering from a ransomware attack by the BlackByte ransomware gang, who claim to have stolen the team’s data. The 49ers have confirmed the attack, stating that it temporarily impacted portions of their network.
The team hasn’t confirmed ransomware deployment yet, but they’ve reported that the recovery process is still ongoing, hinting at the possibility of their systems being encrypted. They’ve also reported that the attack has only impacted their corporate network. Currently, there’s no indication of a threat to any accounts connected to Levi’s Stadium operations or ticket holders.
As the NFL was getting ready for the 2022 Super Bowl, the gang claimed responsibility for the attack. They also leaked a 292 MB archive as part of the data stolen from the 49ers. The cybercriminals claim that the archive contains 2020 invoices from the team’s network.
This is known to be BlackByte’s usual mode of operation. They increasingly release more of the victim’s stolen files to further pressurise them into paying the demanded ransom.
The FBI and the U.S. Secret Service had issued a joint cybersecurity advisory about BlackByte just two days before the news surfaced, stating that the cybercriminals had compromised multiple US and foreign businesses since November.
BlackByte is known to find vulnerabilities and gain initial access to corporate networks. However, they’re pretty new to the ransomware scene, having launched in July 2021. While they’re not very active compared to other ransomware groups, they have conducted a number of successful attacks.
They’re not free of mistakes either. During a hack in October last year, the group made the mistake of reusing the same encryption/decryption keys in several attacks.
This allowed Trustwave, a cybersecurity firm based out of Chicago, to create a free decryptor, enabling the victims to get away for free, despite BlackByte quickly fixing the issue.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.