American football team the San Francisco 49ers has suffered a cyberattack at the hands of BlackByte, a fairly recent contender on the ransomware scene.
One of 32 teams in the US National Football League, the 49ers are named after the fortune-seekers who arrived in Northern California in the 1849 Gold Rush. They won five Super Bowl championships between 1981 and 1994.
In a press statement issued yesterday, the organization confirmed it suffered a security incident that disrupted its corporate IT network, prompting it to seek help from cybersecurity experts.
“The San Francisco 49ers recently became aware of a network security incident that resulted in temporary disruption to certain systems on our corporate IT network,” reads a statement provided to BleepingComputer. “Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident. Third-party cybersecurity firms were engaged to assist, and law enforcement was notified.”
BlackByte ransomware operatives claimed responsibility for the breach and reportedly began to leak stolen files immediately after the attack, in a bid to coerce the victim into paying the ransom. The stolen data is said to include invoices from the 49ers’ corporate network dating back to 2020.
“While the investigation is ongoing, we believe the incident is limited to our corporate IT network,” the team told the press. “To date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders.”
The team says it is hard at work trying to “restore involved systems as quickly and as safely as possible” as the investigation continues.
BlackByte typically targets networks with unpatched security flaws and uses worm functionality similar to Ryuk’s to spread laterally across the targeted infrastructure. The malware is programmed to avoid systems that use Russian and other ex-USSR languages, much like REvil.