The BlackByte ransomware gang claims to have stolen data from the NFL’s San Francisco 49ers. The attack caused a temporary disruption to the organization’s networks, but the full extent of the attack is still under investigation. It is believed that the 49ers’ devices were likely encrypted, although it has not been confirmed. The breach was announced hours before the kickoff to the Superbowl. The threat actors stated they have stolen 2020 invoices from the 49ers network, although it is unclear how much data has been stolen. BlackByte is known for releasing victim data in increasing amounts to pressure the victim into paying a ransom. A member of the 49ers organization released the following statement on the situation. “The San Francisco 49ers recently became aware of a network security incident that resulted in temporary disruption to certain systems on our corporate IT network. Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident. Third-party cybersecurity firms were engaged to assist, and law enforcement was notified. While the investigation is ongoing, we believe the incident is limited to our corporate IT network; to date, we have no indication that this incident involves systems outside of our corporate network, such as those connected to Levi’s Stadium operations or ticket holders. As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible.”
Using Microsoft Sentinel to Detect Confluence CVE-2022-26134 Exploitation
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is