San Francisco 49ers Tackled by Ransomware
The NFL’s San Francisco 49ers recently became a victim of a ransomware attack, with the threat actors claiming that they have stolen some of its financial data.
The infamous Blackbyte cybercrime group posted some of the purportedly stolen documents on a dark web “leak site” that the group typically uses to shame its victims and pressure them into paying its extortion demands. Even so, the gang didn’t make its ransom demands public or specify the amount of data it had encrypted or stolen.
The San Francisco 49ers, which ranks among the most storied and valuable franchises in the NFL (sixth most valuable NFL franchise on Forbes’ list at $4.5 billion), said in a statement on Sunday that it recently became aware of a network security incident that disrupted some of its corporate IT network systems.
The team said that upon learning of the incident, they initiated an investigation and took measures to contain it. They added that while the investigation is still ongoing, they currently believe that the incident is limited to their corporate IT network and that there are no indications that the attack involved systems outside of that network, like the ones connected to ticket holders or Levi’s Stadium operations.
They also said that they had apprised law enforcement of the incident and had partnered with third-party cybersecurity companies to investigate the attack.
Who Is Blackbyte?
Blackbyte is a so-called ransomware-as-a-service group. This means that it is decentralized: independent operators develop malware, hack into organizations, or fill other roles. This is part of a trend that has seen ransomware groups becoming more professionalized.
The Blackbyte ransomware group launched its operations in July 2021 when it began to target corporate victims all over the world. It launched its first attack in September 2021. However, this first version of the ransomware wasn’t properly coded. This allowed cybersecurity firm Trustwave to find a weakness and use it to create a free decryptor. In the following weeks, Blackbyte released the second version, without the encryption bug, which it has been using since then.
According to an alert issued by the Secret Service and the FBI, Blackbyte has compromised several US and foreign businesses, including entities in at least three US critical infrastructure sectors, since November last year. It is known for exploiting vulnerabilities to gain initial access to a corporate network. As such, it’s vital that organizations always have the latest software installed.
In ransomware attacks, cybercriminals encrypt an organization’s data and then demand payment to decrypt it. Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said that Blackbyte’s malware, just like many other ransomware variants, is hardcoded not to encrypt systems that use Russian or languages that are used by certain Russian allies.
Even so, that does not necessarily mean that whoever is behind the San Francisco 49ers attack is in Russia or one of its neighboring countries.
The Attack Could Have Been Calamitous in a “What If” Scenario
Super Bowl Sunday wasn’t so super for the San Francisco 49ers following the ransomware attack that targeted its corporate IT network. This was after the team lost the NFC playoff last month to the Los Angeles Rams in a tightly fought contest whose score was 20 to 17. That said, the attack would have been calamitous had the team qualified for Super Bowl LVI, which took place this past weekend.
Had the San Francisco 49ers made it to the Super Bowl, this ransomware attack could have severely disrupted the team’s game preparation. This attack brings ransomware to the forefront of the US media cycle once again after high-profile incidents that took place last year including the Colonial Pipeline and Kaseya attacks.
However, it’s not clear how the current attack will affect the team’s plan for the next NFL season, which is scheduled to start later this month with the free agency signing period, the NFL combine event, and the subsequent NFL draft.
Are Ransomware Attacks Increasing, or Just Becoming More High Profile?
Without question, we are seeing an explosion of ransomware attacks, and the recent attack on the San Francisco 49ers is an indication that this threat isn’t going away anytime soon. According to a SonicWall report, ransomware attacks rose by 66% globally, and by 152% in North America alone, between 2019 and 2020.
In addition, according to an Internet crime report, the FBI received approximately 2,500 ransomware complaints in 2020. This denotes a 20% increase from the 2019 figure. The average cost of cyberattacks in 2021 has increased from $3.86 million to $4.24 million according to IBM.
The main reason for the increase in these attacks is that more companies are opting to pay a ransom to get their data back, and threat actors are taking notice of that. In fact, a recent Institute for Security and Technology report found that the number of victims paying ransom increased by more than 300% from 2019 to 2020. It’s the proverbial get-rich scheme for most cybercriminals.
Another reason that may be fuelling these attacks is the rise of cryptocurrencies such as Bitcoin. Cryptocurrencies are less regulated and are therefore harder to trace. There’s also a lot of anonymity when transacting using cryptocurrencies. This makes them attractive to hackers.
A third reason for the uptick in ransomware attacks is simply the growing number of internet users. Whereas the number of internet users has grown steadily since the inception of the web, the COVID-19 pandemic prompted a spike in internet usage, more so as many people shifted to learning and working remotely.
Veltec Networks Can Help You Manage the Risk of Cybersecurity
Cybersecurity attacks are a menace, and they don’t discriminate between large organizations like the San Francisco 49ers or smaller businesses. As such, it is important to establish sound cybersecurity measures to avoid becoming a victim of such attacks. Veltec Networks can help you towards that end.
When you hire Veltec Networks as your trusted cybersecurity partner, you’ll immediately have a team of IT security experts who’ll ensure that your customer records, computer network, accounting data, and emails are secure from threat actors, ransomware, and other threats.
Contact us to schedule a conversation about the importance of ransomware protection and make sure you have the right cybersecurity solutions in place.