News of the incident broke just hours before the kickoff of
San Francisco 49ers confirm network security incident; ransomware gang claims responsibility
“As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible,” the 49ers said.
Hackers behind a type of ransomware known as BlackByte listed the 49ers on their website of alleged victims, a tactic that cybercriminals often use to pressure organizations into paying a ransom.
The FBI and Secret Service told US companies in a February 11 advisory to be on the lookout for BlackByte ransomware, which the agencies said had been used to compromise US organizations in the government facilities, financial, and food and agriculture sectors.
BlackByte is just one of several types of ransomware whose owners operate what is known as a “ransomware as a service” business model. The ransomware’s owner sells access to the malicious code to other cybercriminals, who carry out ransomware attacks and typically split the proceeds with the owner. The diffuse nature of the criminal operation can make it harder for law enforcement officials to trace.
The Biden administration has sought to aggressively crack down on the system that allows ransomware to flourish — from helping arrest alleged ransomware operatives in Europe to sanctioning cryptocurrency exchanges that facilitate ransom payments.
But while some ransomware groups have cut back on attacks, others have continued to try to extort US businesses. Cybercriminals received more than $1.2 billion in ransom payments in 2020 and 2021 combined, according to cryptocurrency-tracking firm Chainalysis.
Cybersecurity has been a consideration for federal officials preparing for Sunday’s Super Bowl. The Department of Homeland Security says some of the 500 personnel helping with physical and cybersecurity at the event have conducted cybersecurity assessments of game-day infrastructure.