The Superbowl festivities last weekend overshadowed a grim reality for one football team: The San Francisco 49ers. The 49ers have one of the best run franchises in the NFL, but that did not prevent them from falling victim to a ransomware attack. A rogue ransomware organization claims to have gotten access to some financial data belonging to the 49ers and they are seeking ransom or they will share that data on the dark web.
What happened?
The Associated Press reported that ransomware gang BlackByte launched a sophisticated attack on the San Francisco-based NFL team. The 49ers' data was stolen and encrypted by the ransomware group and they are threatening to release the data on the dark web. The specific data in question is a file "labeled 2020 invoices". The ransomware group claims to have sensitive financial data on the team and they are threatening to leak it unless they are paid a certain amount of money.
The 49ers have confirmed that this attack took place and they have stated some of their network data was compromised. The 49ers are currently working with law enforcement and cybersecurity firms to figure out the extent of the attack and the plan of action they can take moving forward.
Damage caused:
Increase in sophisticated ransomware attacks: The FBI and other governmental agencies have been tracking BlackByte for some time and they have stated that the ransom group is behind several other sophisticated attacks on U.S. based businesses. The U.S. government is working diligently to prevent these attacks, but ransomware groups are becoming more sophisticated and moving faster than governmental agencies.
Rise in ransomware-as-a-service: BlackByte offers ransomware-as-a-service to foreign groups and nations. They are decentralized and they can work alongside enemies of the U.S. to attack businesses, governments, and critical infrastructures based in the U.S.
How can other businesses avoid ransomware attacks?
- Follow good cyber hygiene: Ransomware groups target businesses that have the weakest cybersecurity. These are easier wins for them and they tend to avoid businesses with several layers of security. Following good cyber hygiene like doing vulnerability assessments, upgrading systems, changing passwords, etc. is a good first line of defense against ransomware groups.
- Backup files: One of the main reasons why ransomware is devastating is that companies lose their data and their business stops. If you frequently back up your files and data, you will be able to restore some if not all of your data. This will help ensure that your business continues to run in the case of a ransomware attack.
- Educating employees: Your employees are your first line of defense against ransomware attacks. If your employees are ill-trained, they are more likely to click on malicious links and leave your business vulnerable to ransomware attacks. Make sure you train your employees on good cyber hygiene and ransomware awareness to prevent downloading harmful files.
