On the eve of the Super Bowl, the San Francisco 49ers were attacked by extortionists

San Francisco 49ers and ransomware
Written by Emma Davis

On the eve of the Super Bowl (the main sporting event of the year in the United States, the final match for the title of the NFL champion), the San Francisco 49ers club suffered from a BlackByte ransomware attack. The hackers claim to have stolen data and encrypted the corporate IT network.

Representatives of the team confirmed the fact of the attack, when information about the hack was published on the darknet, on the “site for leaks” of the BlackByte ransomware.

San Francisco 49ers and ransomware

Upon learning of the incident, we immediately launched an investigation and took steps to contain the attack. While the investigation is still ongoing, we believe the incident was limited to our corporate IT network. To date, we have no evidence to indicate that this incident affected systems outside of our corporate network related to Levi’s stadium promotions and ticket holders.representatives of the affected party told The Record.

Journalists note that the attack could have had more dramatic consequences if the San Francisco 49ers had qualified for Super Bowl 2022, which took place over the weekend. In this case, the ransomware attack could seriously disrupt the preparation of the team for the game, and ransomware would once again hit the front pages of all American media.

The first BlackByte malware attacks were recorded in September 2021. The ransomware works according to the RaaS (Ransomware-as-a-Service) model, that is, its authors rent the malware to partners of the group who are already hacking and deploying malware in the networks of victims. Partners also steal files from hacked networks, and BlackByte then uses this data as leverage during negotiations.

In the fall of 2021, Trustwave experts released a free decryptor for files affected by BlackByte attacks, but since then, malware developers have introduced a second version of their ransomware, fixing the bugs exploited by the experts.

Interestingly, the day before the attack on the San Francisco 49ers, the FBI published a security bulletin dedicated to BlackByte, which warned the companies and made public indicators of compromise. Because of this, some security experts have suggested that the document already contains indicators of compromise and attack tactics used against the 49ers.

You might also be interested to know that The ransom amount in the ransomware attacks decreased by one third due to companies’ refuse to pay.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply