Lyra Martin Tech 09.03.2022 00:Sep AM EDT

NFL’s San Francisco 49ers Fall Victim to Blackbyte Ransomware Gang

The San Francisco Bay Area's 49ers disclosed that BlackByte was responsible for a data breach that exposed the private information of 20,930 individuals.

BlackByte Attacked San Fransisco 49ers Affecting 20,000 Individuals

According to an article by Bleeping Computer, National Football League's (NFL) San Fransisco 48ers have been sending notification emails since Thursday, September 1, as a result of the recent data breach that seized the information of about 20,000 individuals.

The San Francisco Bay Area's professional American football club has announced that a data breach that happened between February 6 to 11 exposed the personal data of 20,930 people, including their names and Social Security numbers.

On February 12, as the NFL prepared for Super Bowl 2022, the BlackByte gang admitted to leaking 49ers network information, which included a 292 MB data bundle containing 49ers tickets.

In letters written to affected people starting Thursday, the 49ers stated they had gone through all the records to categorize the individuals whose details were compromised and had an additional investigation to locate and validate their addresses.

The 49ers claimed that the incident briefly disrupted their IT network, but they remained silent on whether the perpetrators used ransomware. Given that the hacked systems are still recovering, it is evident that the infected devices were likely encrypted.

According to The Record, when questioned about the possibility that further data was stolen as a result of the ransomware assault, the company refused to comment.

The attack victims will get a free year of Experian's credit monitoring and identity theft prevention services as compensation. Additionally, the team has implemented a variety of security measures, including training staff members on security and setting up a victim contact center to ensure that the likelihood of the assault occurring may be averted.

BlackByte Has Come Back With a New Website

After going on a break, the ransomware operation of BlackByte now has a new data leak website, according to a report from Bleeping Computer.

Through Twitter accounts controlled by the threat actor and hacker forums, they advertised its new website. Its most recent iteration of its operations is known as BlackByte version 2.0.

The group's new data leak website is accessible through Tor, albeit it is uncertain whether the ransomware encryptor has also been updated. Its new extortion methods implemented by BlackByte, version 2.0, are directly derived from those used by LockBit.

Although they only have one victim in its data leak site, they have added new extortion schemes that let victims pay a varying cost depending on their income.

They may pay $5,000 to prolong the publishing of their data by 24 hours, $200,000 to download the data, or $300,000 to erase all of the data.

The hackers behind the BlackByte ransomware campaign began infiltrating company networks in the summer of 2021 to steal data and encrypt devices.

These people, according to a joint notice from the Federal Bureau of Investigation and the Secret Service, were also behind attacks on critical infrastructure sectors including political, financial, and food and agricultural institutions.

BlackBytes's attack that they carried out on the San Francisco 49ers of the National Football League is the one that stands out as being particularly heinous in people's minds.