San Francisco 49ers NFL team discloses BlackByte ransomware attack

A ransomware attack hit the corporate IT network of the San Francisco 49ers NFL team, The Record reported.

The San Francisco 49ers NFL team has fallen victim to a ransomware attack, the news was reported by The Record.

The team disclosed the attack after that the BlackByte ransomware added the team to the list of its victims on its dark web leak site.

The team told The Record that it immediately launched an investigation into the attack and took steps to contain the incident with the help of third-party cybersecurity firms, it also notified law enforcement.

The company added that it has no indication that the security breach involved systems outside of its corporate network, such as those connected ticket holders.

The Record pointed out that the consequence of the ransomware attack could have been catastrophic if the team had qualified for Super Bowl LVI due to the impact on the team’s game preparations.

The BlackByte ransomware operation has been active since September 2021, in October 2021 researchers from Trustwave’s SpiderLabs released a decryptor that can allow victims of the BlackByte ransomware to restore their files for free.

The experts spotted the BlackByte ransomware while investigating a recent malware incident. The analysis of the ransomware revealed that it was developed to avoid infecting systems that primarily use Russian or related languages.

Unlike other ransomware that may have a unique key in each session, that version of BlackByte was using the same raw key to encrypt files and it uses the symmetric-key algorithm AES. Anyone that could access the raw key would be able to decrypt the files. Trustwave researchers found the way to exploit poot coding to create the decrypter.

In February, the FBI published “Indicators of Compromise Associated with BlackByte Ransomware.”

“This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).” reads the advisory. “BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BlackByte ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.