Ransomware hackers compromise a popular NBA team’s IT systems

The NBA has confirmed that the Houston Rockets’ IT systems were compromised in a security incident allegedly carried out by a newly created ransomware group. The incident apparently involved the compromise of confidential information.

Tracey Hughes, the team’s spokesman, said that the attack did not impact operations. He confirmed that threat actors tried to install a dangerous variant of ransomware on the team’s systems, but security tools detected the attempted infection, so the ransomware could not affect the functioning of those systems.

Ransomware is a type of malware that encrypts infected systems in order to demand a ransom from the affected administrators. The latest variants of these attacks also involve stealing sensitive information to force ransom payment.

It is still unclear whether the incident actually affected the Houston Rockets’ operations, although this could be confirmed by the attackers themselves. Through their official platform on the dark web, the Babuk ransomware operators claimed to be behind the attack and to have stolen about 500 GB of sensitive information from the affected systems.

The hackers claim that the information will be disclosed if their financial demands are not met, which could be critical for the basketball team, as the leak could include sensitive information.

The Houston Rockets spokesman also said that the team is aware of the hackers’ claims, although it has not confirmed whether the reports are real or simple rumors. It is quite possible that it is all a rumor, as the hackers’ website removed the post about this leak.

Babuk is a hacking group that employs a recently created ransomware variant. Since the beginning of 2021, its operators have attacked at least 5 large companies, including a couple of transnational companies. The group appears to have English- and Russian-speaking members, although its activity is primarily linked to Russian hacking websites, where it recruits new hackers and distributes its own variant of ransomware.
