NFL team confirms ransomware attack hours before the Super Bowl

A few hours before the Super Bowl, the San Francisco 49ers' security teams confirmed the detection of a ransomware attack on the team's corporate network. The NFL team confirmed the attack after the operators of the BlackByte ransomware included the 49ers in their list of victims, published on a dark web platform.

In its report, the team claims to have implemented advanced mitigation mechanisms and initiated an investigation after detecting the attack: “While the investigation is ongoing, we believe that the incident is limited to our corporate network; to date, we have no indication that this incident involves external resources such as Levi’s Stadium’s control systems,” the statement said.

The incident has already been reported to the competent authorities, and the 49ers are working with an external cybersecurity firm to investigate the attack, so they expect that the affected systems will be restored shortly.

San Francisco nearly played in the Super Bowl, a scenario in which the ransomware attack could have severely affected the team's game preparation and logistics, at a time when ransomware groups have become a critical security threat to the U.S. government.

While the incident had no impact on the big NFL game, cybersecurity specialists mention that it is still difficult to determine what the impact of the incident will be on the team’s operations, which could generate problems ahead of the NFL Draft, to be held in the coming days.

BlackByte is a ransomware-as-a-service (RaaS) operation. It is very small compared to other cybercriminal groups, but it could grow in the coming weeks. As in other RaaS operations, its affiliates can steal information for double extortion purposes, threatening to leak sensitive information if victims refuse to pay the ransom.

In late 2021, the FBI reported that the BlackByte ransomware had compromised multiple U.S. and foreign companies, including at least three critical infrastructure agencies such as financial networks, distribution chains, and government facilities, among others.
