Posted by: Guerrilla Insights

Palm Beach, FL. — Cyber criminals claim to have stolen financial information from the San Francisco 49ers in a ransomware attack.

The ransomware gang BlackByte recently posted some of the purportedly stolen team documents on a dark web site in a file marked “2020 Invoices.” The gang did not make its ransom demands public or say how much data it had stolen or encrypted.

The team, one of the most valuable and legendary in the NFL, stated Sunday that a “network security incident” had recently come to light and that some of its IT network systems had been interrupted by it. The 49ers said they had informed law enforcement and recruited cybersecurity firms to assist.

“As far as we know, there is no indication that this issue has anything to do with systems connected to Levi’s Stadium operations or ticket holders,” the team said in a statement, referring to its home stadium.

News of the attack came two days after the FBI and U.S. Secret Service issued a notice on BlackByte ransomware, stating it has “compromised multiple US and foreign businesses, including institutions in at least three US vital infrastructure sectors” since November.

Ransomware gangs, which breach companies and hold their data hostage through encryption, have caused widespread damage over the past year with high-profile attacks on the world’s largest meat-packing industry, the biggest U.S. petroleum pipeline and other targets. Western governments have committed to cracking down on the cyber criminals, who operate mostly in and around Russia, but have nothing to show for their efforts.

In the past month, ransomware victims have included operators of naval fuel depots in Belgium and Germany and media sites in Portugal. The CEO of Vodafone Portugal stated that the business received no ransomware demand in the course of a recent cyberattack on the Portuguese wireless operator.

BlackByte is a ransomware-as-a-service outfit. That means it is decentralized, with independent operators developing the malware, breaking into businesses or filling other functions. It is part of a trend of ransomware gangs becoming highly professionalized. A recent study by the FBI, NSA and others revealed that ransomware operators are even building up an arbitration system to handle payment issues among themselves.

According to Guerrilla Insights’ Brian Coulanges, “BlackByte’s malware is hardcoded to not encrypt systems that utilize Russian or languages used by particular Russian partners.”

But Brian added that this doesn’t mean whoever is behind the 49ers attack is in Russia or one of its neighbors.

“Large Scale Malware can be used to launch assaults by anybody,” he stated.