Cyber Incident Targets 49ers’ Corporate IT Networks
The 49ers are coming off a positive season after almost reaching the Super Bowl despite an unimpressive regular-season record. Ultimately, they fell to the eventual champions, the Los Angeles Rams, in the NFC Championship Game. But while the Rams were preparing for the biggest football game of the year, the 49ers organization had to deal with a cyberattack instead. The incident disrupted some of the 49ers’ corporate IT network systems. As of now, it appears as though the attack did not affect the team’s stadium or any systems affecting ticket-holders. “To date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” the 49ers stated.
Ransomware Group BlackByte Claims Responsibility
The 49ers’ organization has informed the concerned law enforcement departments about the incident. It has also hired cybersecurity experts to help them recover from the attack. Currently, the 49ers have not confirmed the exact nature of the cyber attack. However, the ransomware group BlackByte has listed the 49ers on their website in their list of victims. This is name-and-shame tactic is generally used to pressure victims into paying ransoms. The team’s vice president for corporate communications, Roger Hacker, declined to comment on whether the organization received a ransom demand. BlackByte is a ransomware-as-a-service (RaaS) group. This means that the group provides their ransomware to other cybercriminals for a fee. Usually, the malware authors also receive a slice of the ransom. This means that, even though BlackByte is the author of the ransomware, the actors responsible for infecting the 49ers are unknown.
Federal Agencies Warned US Companies about BlackByte
The incident comes after the FBI and other federal agencies warned US companies about BlackByte ransomware. They said that it had been used to compromise US organizations in critical sectors. According to Brett Callow, threat analyst at Emisoft, the malware is hardcoded to not affect systems that use the Russian language. However, the identity of the hackers remains unclear. If you found this story interesting and want to learn more about ransomware, check out our easy guide here. You can learn all about how ransomware attacks work and what you can do to protect yourself.