The San Francisco 49ers NFL franchise has been hit by a cyber-attack by the BlackByte ransomware gang, who have said that data was stolen from the organisation. The 49ers confirmed the attack in a statement and said it caused a temporary disruption to portions of their IT network.
It has not yet been confirmed by the 49ers whether or not the hackers successfully deployed the ransomware, but they are still in the process of recovering systems, which suggests devices were likely encrypted.
A spokesperson for the 49ers said: “The San Francisco 49ers recently became aware of a network security incident that resulted in temporary disruption to certain systems on our corporate IT network. Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident. Third-party cybersecurity firms were engaged to assist, and law enforcement was notified.
“While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders. As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible.”
To conduct a ransomware attack, threat actors breach a corporate network and silently spread to other devices while stealing data. The hackers ultimately deploy malware that encrypts all of the devices on the network, while leaving ransom notes demanding a cryptocurrency payment to receive a decryptor. The ransomware gangs then use the stolen files as leverage, threatening to release them if they are not paid a ransom.
The BlackByte gang claimed responsibility for the attack on the 49ers the day before the 2022 Super Bowl by beginning to leak files that it claims were stolen. The leaked data is a 292MB archive of files that the threat actors say are stolen 2020 invoices from the 49ers’ network. BlackByte usually releases its victims’ data in increasing amounts to further pressure the victim into paying.
While it is not known how much data was stolen during the attack on the 49ers, BlackByte has stolen gigabytes of data from previous victims. The ransomware gang is known to exploit vulnerabilities to gain initial access to a corporate network, illustrating the need to always have the latest software updates installed.