The 49ers would prefer to call it a “network security incident,” but team documents are now posted on the dark web, and the hackers may have plenty more breached data to expose if the 49ers don’t pay up.
Anyone who watched Sunday’s Super Bowl knows that cryptocurrency had its Pets.com coming out party during the game’s commercial breaks, a true arrival moment for blockchain and crypto. But some blockchain and crypto enthusiasts looked to score more points on Saturday, the day before the Super Bowl, as CNN reports that a ransomware gang infiltrated the 49ers IT systems, and internal financial documents have been posted to the dark web.
The 49ers prefer to call it a “network security incident,” but acknowledged in a Sunday statement that they had indeed been hit by a ransomware attack. “To date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders,” the team said in their statement. “As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible.”
The 49ers’ vice president for corporate communications Roger Hacker (yes, that is his name, have at it in the comments) declined to acknowledge to CNN whether it was a ransomware attack. But the Associated Press reports on ESPN that “The ransomware gang BlackByte recently posted some of the purportedly stolen team documents on a site on the dark web in a file marked ‘2020 Invoices.’”
BlackByte is a known ransomware-as-a-service (RaaS) operator, and according to TechCrunch, the group leaked “a small number of files it claims to have been stolen.” So there could be plenty more to come. And this is really part of a larger attack that the FBI and Secret Service warned of Friday, saying this particular BlackByte attack was targeting “at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture).”
“Ransomware-as-a-service (RaaS)” is the co-opting of button-down tech company terminology, and it essentially means that you can buy or rent the BlackByte malware to conduct your own attack with it. That makes it harder for law enforcement to track down the actual perpetrators; it’s not necessarily the ransomware gang who did the job, it could be one of their customers. The system has gotten so sophisticated that according to the AP, “ransomware operators are even setting up an arbitration system to resolve payment disputes among themselves.”
There has been no ransom announced, and that information may never become public. But these ransoms almost always request payment in cryptocurrency. Which is just one reason why all this blockchain mania confuses the general public — if the blockchain generates such secure and trustworthy records of transactions, why do criminals prefer it? Wouldn’t secure and trustworthy records make it easier to find and arrest the criminals?
These are bigger picture questions, and right now the 49ers (and god knows how many other breached organizations) have a more immediate problem on their hands. But in the days after the four cryptocurrency ads played during the Super Bowl, one NFL team might have a sudden need to purchase large volumes of cryptocurrency — just so they can pay off criminals with it.