Super Bowl weekend brought a fresh victim for the BlackByte ransomware group. On top of that, the group has attacked at least three critical infrastructure organizations in the U.S.
Super Bowl attack
The San Francisco 49ers became the victims of a BlackByte attack that temporarily disrupted the NFL team’s corporate IT network on Super Bowl Sunday. The RaaS group posted stolen internal documents to a site on the dark web. The 49ers stated that data related to its home stadium was probably not compromised. The threat actors have not yet disclosed the ransom amount, and the volume of data stolen remains unknown.
Breaching critical infrastructure
The above attack came only two days after the FBI, together with the U.S. Secret Service, issued a joint alert. It stated that BlackByte had breached at least three critical infrastructure organizations—government facilities, food & agriculture, and financial—in the past three months. The advisory further states that the adversaries abused a Microsoft Exchange Server vulnerability to gain initial access to some of the networks. They then deployed lateral movement and privilege escalation tools before exfiltrating and encrypting files.
BlackByte is a relatively small ransomware-as-a-service (RaaS) operation active today.
The first attacks came to light in September 2021. That first version was poorly coded, which allowed Trustwave to release a free decryptor for the gang’s victims.
As per the joint advisory by the FBI, BlackByte has infected several businesses across the world since November 2021.
The bottom line
Ransomware gangs are increasingly operating like legitimate businesses, selling RaaS to would-be cyber thieves and other affiliates. The attack against the 49ers could have been devastating if the team had made it to the Super Bowl, as it could have discombobulated game preparations. BlackByte seems to be evolving fast, and no decryptor has been possible for its newer versions so far.