The San Francisco 49ers have been hit by a ransomware attack, with cybercriminals claiming they stole some of the football team’s financial data.
The ransomware gang BlackByte recently posted some of the purportedly stolen team documents on a dark web site in a file marked “2020 Invoices.” The gang did not make any of its ransom demands public or specify how much data it had looted or encrypted.
The team, which is among the most valuable and storied franchises in the NFL and lost a close playoff game two weeks ago, said in a statement Sunday that it recently became aware of a “network security incident” that had disrupted some of its corporate IT web systems. The 49ers said they’d informed law enforcement and hired cybersecurity firms to help.
“To date, we do not reflect that this incident involves systems outside of our corporate network, such as those related to Levi’s Stadium operations or ticket holders,” the team said in a statement, referencing its home stadium.
News of the attack comes two days after the FBI and U.S. Secret Service issued an alert on BlackByte ransomware, saying it had “compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors” since November.
Ransomware gangs, which hack targets and hold their data hostage through encryption, have caused extensive havoc in the last year with high-profile attacks on the world’s largest meat-packing corporation, the biggest U.S. fuel pipeline, and other targets. Western governments have promised to crack down on the cybercriminals, who operate largely in and around Russia, but have little to show for their efforts.
In the past month, ransomware victims have included operators of maritime fuel stations in Belgium and Germany and media outlets in Portugal. A cyberattack on the wireless provider Vodafone in Portugal this past week had all the hallmarks of ransomware, though the company’s CEO for Portugal said it received no ransom demand.
BlackByte is a ransomware-as-a-service organization. That means it’s decentralized, with independent operators developing the malware, hacking into organizations, or filling other roles. It’s part of a trend of ransomware groups becoming increasingly professionalized. A recent report by the FBI, NSA, and others said that ransomware operators are even setting up an arbitration system to settle payment disputes among themselves.
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said BlackByte’s malware, like many ransomware variants, is hardcoded not to encrypt networks that use Russian or languages used by certain Russian supporters.
But Callow said that doesn’t mean whoever is behind the 49ers attack is in Russia or one of its neighbors.
“Anyone can use the malware to takeoff attacks,” he said.