49ers reportedly attacked by ransomware group, financial data posted online
A ransomware group allegedly hacked into the San Francisco 49ers and stole documents, including financial data.
BlackByte, according to The Associated Press, allegedly hacked into the 49ers’ system and then recently posted team documents onto a website in a file marked “2020 Invoices.”
It’s unclear if BlackByte made any ransom demands, and it’s unknown how much data was stolen.
The 49ers said Sunday that it was aware of a “network security incident,” and that it has both contacted law enforcement and hired cybersecurity firms.
"To date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi's Stadium operations or ticket holders," the team said in a statement, via The Associated Press.
Who is BlackByte?
BlackByte is a decentralized ransomware group that has been growing in recent months.
The group is a ransomware-as-a-service group, which uses independent people and agents to develop its hacks. The FBI and Secret Service issued a warning about the group on Friday, and said that it had “compromised multiple U.S. and foreign businesses” since November.
The group, the warning said, leaves a ransom note each time after hacking into a system.
It’s unclear who specifically is behind the 49ers hack. Brett Callow, a threat analyst from Emisoft, told The Associated Press that BlackByte’s malware is set up to not encrypt systems that use Russian or languages used by Russian allies — however that doesn’t mean that the group is Russian. Anyone, he said, can launch such an attack.
