Hacking group is on a tear, hitting US critical infrastructure and SF 49ers



A couple of days after the FBI warned that a ransomware group called BlackByte had compromised critical infrastructure in the US, the group hacked servers belonging to the San Francisco 49ers football team and held some of the team’s data for ransom.

Media representatives for the NFL franchise confirmed a security breach in an emailed statement following a post on BlackByte’s dark web site, on which the hacker group attempts to shame and scare victims into making big payouts in exchange for a promise not to leak the data and to provide a decryption key that allows the data to be recovered. The recent post made available for download a 379MB file named “2020 Invoices” that appeared to show hundreds of billing statements the 49ers had sent partners including AT&T, Pepsi, and the city of Santa Clara, where the 49ers play home games.

A busy three months

In an emailed statement, franchise representatives said investigators were still assessing the breach.

“While the investigation is ongoing, we believe the incident is limited to our corporate IT network,” the statement said. “To date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders.”

The team said it notified law enforcement and is working with third-party cybersecurity firms to perform the investigation. “[W]e are working diligently to restore involved systems as quickly and as safely as possible,” the statement said.

On Friday, the FBI and the Secret Service issued a joint statement warning that BlackByte, a group first spotted last year, has been on a hacking spree over the past three months and that it has successfully breached an array of sensitive networks.

“As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food and agriculture),” the advisory stated. “BlackByte is a Ransomware as a Service (RaaS) group that encrypts…
