On the eve of the Super Bowl (the main sporting event of the year in the United States, the final game that decides the NFL champion), the San Francisco 49ers were hit by a BlackByte ransomware attack. The hackers claim to have stolen data and encrypted the corporate IT network.
Representatives of the team confirmed the attack after information about the hack was published on the darknet, on the BlackByte ransomware's "leak site".
Journalists note that the attack could have had more dramatic consequences if the San Francisco 49ers had qualified for Super Bowl 2022, which took place over the weekend. In that case, the ransomware attack could have seriously disrupted the team's preparation for the game, and ransomware would once again have hit the front pages of all American media.
The first BlackByte malware attacks were recorded in September 2021. The ransomware operates under the RaaS (Ransomware-as-a-Service) model: its authors rent the malware to affiliates of the group, who carry out the actual intrusions and deploy the malware in victims' networks. Affiliates also steal files from the hacked networks, and BlackByte then uses this data as leverage during negotiations.
In the fall of 2021, Trustwave experts released a free decryptor for files affected by BlackByte attacks, but since then, malware developers have introduced a second version of their ransomware, fixing the bugs exploited by the experts.
Interestingly, the day before the attack on the San Francisco 49ers, the FBI published a security bulletin dedicated to BlackByte, which warned companies and made indicators of compromise public. Because of this, some security experts have suggested that the document already contains the indicators of compromise and attack tactics used against the 49ers.
You might also be interested to know that the ransom amount in ransomware attacks decreased by one third due to companies' refusal to pay.