Like the rest of us, those in the San Francisco 49ers organization had their sights set on enjoying the festivities and contagious atmosphere of the Super Bowl. But their ability to enjoy the pinnacle event of the NFL season was rudely cut short when the organization's network systems were compromised by a ransomware attack.
A notorious cybercrime group called BlackByte claimed responsibility for the attack and posted several of the team's invoices on its own Dark Web leak site. The team notified law enforcement and engaged cybersecurity firms to investigate the attack. The team was able to confirm that only its internal systems were compromised; outside systems, such as Levi's Stadium and the ticket-holder apps, were unaffected.
BlackByte is a recent arrival on the ransomware scene, the latest in a long line of Ransomware-as-a-Service (RaaS) offerings. It is used primarily to encrypt files on Windows systems, whether physical machines, virtual machines, or Azure-hosted instances.
How the tool works varies by version. Older versions gained entry by exploiting a known vulnerability in Microsoft Exchange Server, while newer versions may encrypt only part of each file, which makes an encryption run faster and leaves fewer obvious signs on disk. In either case, a .png file serving as the ransom note is dropped in each encrypted folder, directing victims to a .onion site for payment instructions and options in exchange for a decryption key.
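The two on-disk traces described above, a note image in every encrypted folder and files whose contents are wholly or partly ciphertext, are something a responder can look for directly. The script below is an added example, not code from the article and not BlackByte's own tooling: it walks a directory tree, flags folders that contain a ransom-note image, and within those folders reports files whose sampled contents have near-random byte entropy. The note-file name pattern, the entropy threshold, the list of already-compressed formats to skip, and the sample files it builds are all assumptions made for the demonstration. Sampling the head, middle and tail of each file is what lets it catch partial encryption, where the first bytes may still be plaintext.

```python
import math
import os
import random
import re
import tempfile
from collections import Counter

# Assumed (hypothetical) ransom-note file name pattern. The article only says a .png
# note is dropped in each encrypted folder; it does not give the file name.
NOTE_PATTERN = re.compile(r"restore.*\.png$", re.IGNORECASE)
CHUNK = 4096                # bytes sampled at each position in a file
ENTROPY_THRESHOLD = 7.5     # bits per byte; ciphertext and random data sit near 8.0
# Already-compressed formats are high-entropy by nature; skipping them cuts false positives.
COMPRESSED_EXT = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".docx", ".xlsx"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def max_chunk_entropy(path: str) -> float:
    """Highest entropy among CHUNK-sized samples at the head, middle and tail of a file.
    A partially encrypted file can have a plaintext head, so one sample is not enough."""
    size = os.path.getsize(path)
    offsets = {0, max(0, size // 2 - CHUNK // 2), max(0, size - CHUNK)}
    best = 0.0
    with open(path, "rb") as fh:
        for off in sorted(offsets):
            fh.seek(off)
            best = max(best, shannon_entropy(fh.read(CHUNK)))
    return best


def scan_tree(root: str) -> dict[str, list[str]]:
    """Return {folder relative to root: sorted suspicious file names} for every folder
    holding a ransom-note image; a file is suspicious when a sampled chunk looks encrypted."""
    hits: dict[str, list[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        if not any(NOTE_PATTERN.search(f) for f in files):
            continue
        suspicious = []
        for name in files:
            if NOTE_PATTERN.search(name) or os.path.splitext(name)[1].lower() in COMPRESSED_EXT:
                continue
            if max_chunk_entropy(os.path.join(dirpath, name)) >= ENTROPY_THRESHOLD:
                suspicious.append(name)
        hits[os.path.relpath(dirpath, root)] = sorted(suspicious)
    return hits


def build_sample_tree(root: str) -> None:
    """Constructed sample data (not real malware output): one folder hit by a
    BlackByte-style run and one untouched folder."""
    rng = random.Random(1234)   # deterministic stand-in for ciphertext
    text = b"Quarterly stadium operations summary, internal use only.\n" * 200
    hit = os.path.join(root, "finance")
    clean = os.path.join(root, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    with open(os.path.join(hit, "RESTORE_FILES.png"), "wb") as fh:   # assumed note name
        fh.write(b"\x89PNG\r\n\x1a\n")
    with open(os.path.join(hit, "notes.txt"), "wb") as fh:           # fully encrypted
        fh.write(bytes(rng.getrandbits(8) for _ in range(8192)))
    with open(os.path.join(hit, "minutes.txt"), "wb") as fh:         # partial: plaintext head, ciphertext tail
        fh.write(text[:8192] + bytes(rng.getrandbits(8) for _ in range(8192)))
    with open(os.path.join(hit, "readme.txt"), "wb") as fh:          # untouched plaintext
        fh.write(text)
    with open(os.path.join(clean, "readme.txt"), "wb") as fh:
        fh.write(text)


def demo() -> dict[str, list[str]]:
    """Build the sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    print(demo())
```

Run against the constructed tree it reports only the `finance` folder, listing `minutes.txt` and `notes.txt` and leaving the untouched `readme.txt` alone. Requiring the note image before looking at entropy is deliberate: entropy alone produces false positives on legitimately compressed or encrypted data, so on a real host this is a triage aid for confirming scope, not a standalone detector.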
Although BlackByte was first reported in November 2021, the FBI and U.S. Secret Service issued a new bulletin on Feb. 15, three days after the attack on the 49ers organization. BlackByte is known to have compromised multiple organizations in both the private and government sectors.
With BlackByte at their fingertips, attackers are boldly going after critical infrastructure and businesses with highly visible profiles.
This demonstrates that attackers are growing more prolific at their craft while showing little or no fear of legal repercussions.
The most critical step in avoiding becoming a victim of BlackByte and other emerging RaaS toolkits is to harden your systems as much as possible. Keeping systems fully patched is one obvious area where many consumers, government agencies, and businesses fall short.
Patching should cover not only operating systems, network hardware, and virtual devices, but third-party software as well, from vendors such as Adobe. The Exchange Server vulnerability that older BlackByte versions exploit is exactly the kind of gap that a lapsed patch cycle leaves open.
Consumer and user education needs to remain at the forefront of ransomware protection efforts, while recognizing that social conditioning as it now stands may continue to present a challenge for some time. Taking a step-by-step approach to developing safe user and systems-management behaviors can keep your organization from feeling like it got run over by a 49ers linebacker.