San Francisco 49ers attacked by ransomware

The San Francisco 49ers NFL team was hit by a major ransomware attack on the day of the Super Bowl.

The organization confirmed to ZDNet that it was attacked by the BlackByte ransomware group, but thankfully the attack itself was somewhat limited.

In a statement confirming the incident, the 49ers said they "recently became aware of a network security incident" that disrupted their corporate computer network, but nothing more.

"Upon learning of the incident, we immediately launched an investigation and took steps to contain the incident. Third-party cyber security companies were engaged to assist us and the police were notified," the statement added.

"While the investigation is ongoing, we believe the incident is limited to our corporate IT network; at this time, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi's Stadium operations or to ticket holders. As the investigation continues, we are working diligently to restore the systems involved as quickly and safely as possible."

The ransomware operators run a leak site where they advertise data stolen from compromised endpoints that they plan to release to the public, and data from the San Francisco 49ers appeared on the site on Saturday night, just hours before the Super Bowl.

ZDNet also hints that the FBI probably knew about the hack beforehand, as the law enforcement agency issued a warning about BlackByte just a day before the incident was made public.

"Starting in November 2021, BlackByte ransomware compromised multiple US and foreign companies, including entities in at least three US critical infrastructure sectors (government facilities, finance and food and agriculture). BlackByte is a RaaS (ransomware as a service) group that encrypts files on compromised Windows host systems, including physical and virtual servers," the FBI warned.

"Some victims have reported that the actors used a known vulnerability in Microsoft Exchange Server as a way to gain access to their networks. Once inside, the actors deploy tools to move laterally through the network and elevate privileges before filtering and encrypting. In some cases, BlackByte ransomware actors only have partially encrypted files."

BlackByte, a ransomware-as-a-service (RaaS) operation, was created last year. The master key (a decryptor, essentially) was made available in October 2021 by cyber security researchers at Trustwave.