San Francisco 49ers catch ransomware, sample files leaked online
American football team the San Francisco 49ers have been hit by ransomware, with the criminals responsible claiming to have stolen corporate data and threatening to publish it.
Calling itself Blackbyte, the ransomware gang responsible published samples of stolen documents on a dark web blog over the weekend, as seen by The Register.
About 300MB of files were present on the publicity site used by Blackbyte and are thought to include recent internal finance data for the team.
"The BlackByte executable leaves a ransom note in all directories where encryption occurs," continued the Feds' advisory [PDF]. "The ransom note includes the .onion site that contains instructions for paying the ransom and receiving a decryption key. Some victims reported the actors used a known Microsoft Exchange Server vulnerability as a means of gaining access to their networks."
Ransomware is now regarded as one of the leading threats to enterprise cybersecurity, with criminals using customized malware to infect corporate networks, steal and encrypt data, and demand a ransom to unlock it and not publish it online.
Various ransomware gangs have renamed themselves over time to avoid attracting international law enforcement attention.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/02/14/49ers_ransomware_blackbyte/