What you need to know
- The San Fransisco 49ers were attacked by the BlackByte ransomware group over the weekend.
- The 49ers have notified law enforcement about the attack.
- The BlackByte ransomware group encrypts files on compromised systems in attempts to force payment out of victims.
The BlackByte ransomware group encrypts files as part of attacks to leverage ransom payment out of victims. The FBI and U.S. Secret Service shared a warning about the ransomware group (PDF) on February 11, 2022.
"As of November 2021, BlackByte ransomware had compromised multiple U.S. and foreign businesses, including entities in at least three U.S. critical infrastructure sectors (government facilities, financial, and food & agriculture)," stated the cybersecurity advisory. "BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers."
A San Fransisco 49ers spokesperson explained to ZDNet that the organization believes the incident was limited.
"While the investigation is ongoing, we believe the incident is limited to our corporate I.T. network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi's Stadium operations or ticket holders," said a 49ers spokesperson. "As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible."
The 49ers organization also contacted law enforcement regarding the ransomware attack.
