San Francisco 49ers NFL team discloses BlackByte ransomware attack

Pierluigi Paganini February 13, 2022

A ransomware attack hit the corporate IT network of the San Francisco 49ers NFL team, The Record reported.

The San Francisco 49ers NFL team has fallen victim to a ransomware attack, the news was reported by The Record.

The team disclosed the attack after that the BlackByte ransomware added the team to the list of its victims on its dark web leak site.

San Francisco 49ers blackbyte ransomware

The team told The Record that it immediately launched an investigation into the attack and took steps to contain the incident with the help of third-party cybersecurity firms, it also notified law enforcement.

The company added that it has no indication that the security breach involved systems outside of its corporate network, such as those connected ticket holders.

The Record pointed out that the consequence of the ransomware attack could have been catastrophic if the team had qualified for Super Bowl LVI due to the impact on the team’s game preparations.

The BlackByte ransomware operation has been active since September 2021, in October 2021 researchers from Trustwave’s SpiderLabs released a decryptor that can allow victims of the BlackByte ransomware to restore their files for free.

The experts spotted the BlackByte ransomware while investigating a recent malware incident. The analysis of the ransomware revealed that it was developed to avoid infecting systems that primarily use Russian or related languages.

Unlike other ransomware that may have a unique key in each session, that version of BlackByte was using the same raw key to encrypt files and it uses the symmetric-key algorithm AES. Anyone that could access the raw key would be able to decrypt the files. Trustwave researchers found the way to exploit poot coding to create the decrypter.

In February, the FBI published “Indicators of Compromise Associated with BlackByte Ransomware.”

“This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” reads the advisory. “BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BlackByte ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment