Quick News Bit

Blackbyte ransomware hits San Francisco 49ers ahead of Super Bowl | ZDNet


Hours before the Super Bowl kicks off, the San Francisco 49ers were added to the list of victims of the Blackbyte ransomware group. The San Francisco 49ers were within a few plays of making it to the Super Bowl two weeks ago.

The team did not respond to requests for comment but confirmed the attack to The Record and Bleeping Computer. The San Francisco 49ers appeared on the group’s leak site late Saturday evening, and the team said in a statement that only its corporate IT network was affected by the attack.


Law enforcement has been contacted and the company said it is still in the process of investigating the incident. The attack comes just one day after the FBI released a warning about the BlackByte ransomware group. 

“As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture). BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers,” the FBI said. 

“Some victims reported the actors used a known Microsoft Exchange Server vulnerability as a means of gaining access to their networks. Once in, actors deploy tools to move laterally across the network and escalate privileges before exfiltrating and encrypting files. In some instances, BlackByte ransomware actors have only partially encrypted files.”

The group emerged last year, but cybersecurity company Trustwave was able to make a BlackByte decryptor available for download on GitHub in October.

Research by the company showed that the first version of the BlackByte ransomware downloaded and used the same key to encrypt files with AES, rather than the unique per-session keys usually employed by more sophisticated ransomware operators. A second, less vulnerable version of the ransomware was released in November, as the FBI noted.

Emsisoft ransomware expert Brett Callow said Blackbyte is a Ransomware-as-a-service (RaaS) operation and the individuals who use it to carry out attacks may or may not be based in the same country as the primary team. 

“Like multiple other types of ransomware, Blackbyte does not encrypt computers which use the languages of Russia and post-Soviet countries,” Callow said.  

A Red Canary analysis of the ransomware found operators gained initial access by exploiting the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) present on a customer’s Microsoft Exchange server. 
