San Francisco 49ers Hit by Blackbyte Ransomware Attack

Colin Thierry Colin Thierry

The NFL’s San Francisco 49ers fell victim to a cyberattack on Saturday by the Blackbyte ransomware group, which claims to have stolen data from the organization.

The 49ers confirmed the attack in a media statement and said that it caused a temporary disruption to sectors of their IT network.

Although the 49ers did not confirm whether the hackers were successful, they said that they are still in the process of recovering systems while indicating that devices were likely encrypted.

“The San Francisco 49ers recently became aware of a network security incident that resulted in temporary disruption to certain systems on our corporate IT network,” the organization said in the media statement. “Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident.”

While the investigation is still ongoing, the 49ers said that they believe the attack was limited to their corporate IT network.

“As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible,” the 49ers added.

The BlackByte ransomware gang claimed responsibility for the 49er’s attack on Saturday by beginning to leak files that they claimed were stolen files.

The leaked data is a 292MB archive of files that the hackers said were 2020 invoices stolen from the 49ers’ network. BlackByte usually releases its victims’ data in increasing amounts to pressure the victim into paying to retrieve the stolen data.

While it is unknown how much data has been stolen during the attack on the 49ers, BlackByte has stolen gigabytes of data from previous victims.

BlackByte Ransomware

The BlackByte ransomware operation launched in July when it began targeting corporate victims worldwide.

The FBI and Secret Service released a statement on Friday that warned that BlackByte had “compromised multiple US and foreign businesses” since November.

While the ransomware gang is not as quite active compared to others, they have still managed to conduct multiple successful attacks over the past few months. BlackByte is primarily known for using security vulnerabilities in order to gain initial access to a corporate network.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.