What you need to know
- The San Fransisco 49ers were attacked by the BlackByte ransomware group over the weekend.
- The 49ers have notified law enforcement about the attack.
- The BlackByte ransomware group encrypts files on compromised systems in attempts to force payment out of victims.
As if having to watch their cross-state rivals, the L.A. Rams, win the Super Bowl on Sunday wasn't bad enough, the San Francisco 49ers also had to deal with a ransomware attack over the weekend. The 49ers organization confirmed to ZDNet that it was attacked by the BlackByte ransomware group hours before the Super Bowl began on February 13, 2022.
The BlackByte ransomware group encrypts files as part of attacks to leverage ransom payment out of victims. The FBI and U.S. Secret Service shared a warning about the ransomware group (PDF) on February 11, 2022.
"As of November 2021, BlackByte ransomware had compromised multiple U.S. and foreign businesses, including entities in at least three U.S. critical infrastructure sectors (government facilities, financial, and food & agriculture)," stated the cybersecurity advisory. "BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers."
A San Fransisco 49ers spokesperson explained to ZDNet that the organization believes the incident was limited.
"While the investigation is ongoing, we believe the incident is limited to our corporate I.T. network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi's Stadium operations or ticket holders," said a 49ers spokesperson. "As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible."
The 49ers organization also contacted law enforcement regarding the ransomware attack.