Report: BlackByte Ransomware Gang Targets San Francisco 49ers

pcmag.com:

The San Francisco 49ers has fallen victim to a ransomware attack.

The NFL team confirmed that it was targeted by a ransomware attack in statements to BleepingComputer and The Record. A spokesperson also said the team is collaborating with "third-party cybersecurity firms" and law enforcement organizations to investigate the incident.

The spokesperson told BleepingComputer "we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders."

The San Francisco 49ers hasn't attributed the attack to a particular group, but according to numerous screenshots, the BlackByte ransomware gang has claimed responsibility for the hack on a website used to leak information about its victims to convince them to pay their ransoms.

It hardly seems like a coincidence, then, that the FBI and US Secret Service published a joint advisory regarding the BlackByte ransomware on Feb. 11—one day before BlackByte took credit for the attack and two days before the San Francisco 49ers confirmed it was compromised.

"As of November 2021," the FBI and US Secret Service say in the advisory, "BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture)."

The advisory includes technical details about how the ransomware operates, the indicators of compromise security teams can use to help determine if a system was targeted by the BlackByte ransomware, and recommendations for mitigating the risk of a successful attack.

Sign up for Security Watch newsl