San Francisco 49ers confirm network security incident; ransomware gang claims responsibility

A 49ers player holds his helmet during the NFL game between the San Francisco 49ers and the Los Angeles Rams on January 9.

(CNN)The San Francisco 49ers football team said Sunday a "network security incident" had disrupted some of the organization's computer systems, after a ransomware gang claimed the NFL franchise as a victim.

News of the incident broke just hours before the kickoff of Super Bowl LVI, which the 49ers would be playing in if they hadn't narrowly lost to the Los Angeles Rams two weeks ago.
Roger Hacker, the 49ers' vice president for corporate communications, declined to comment when CNN asked whether ransomware was involved in the incident.
      The incident appeared to be "limited to our corporate IT network" and did not affect computer systems involved in the team's stadium operations or systems related to ticket holders, the 49ers said in a statement to CNN.
        "Upon learning of the incident, we immediately initiated an investigation and took steps to contain the incident," the statement reads.
          The 49ers hired cybersecurity firms to recover from the incident and notified law enforcement officials, the franchise said.
          "As the investigation continues, we are working diligently to restore involved systems as quickly and as safely as possible," the 49ers said.
          Hackers behind a type of ransomware known as BlackByte listed the 49ers on their website of alleged victims, a tactic that cybercriminals often use to pressure organizations into paying a ransom.
          The FBI and Secret Service told US companies in a February 11 advisory to be on the lookout for BlackByte ransomware, which the agencies said had been used to compromise US organizations in the government facilities, financial, and food and agriculture sectors.
          BlackByte is just one of several types of ransomware whose owners operate what is known as a "ransomware as a service" business model. The ransomware's owner sells access to the malicious code to other cybercriminals, who carry out ransomware attacks and typically split the proceeds with the owner. The diffuse nature of the criminal operation can make it harder for law enforcement officials to trace.
          The Biden administration has sought to aggressively crack down on the system that allows ransomware to flourish -- from helping arrest alleged ransomware operatives in Europe to sanctioning cryptocurrency exchanges that facilitate ransom payments.
            But while some ransomware groups have cut back on attacks, others have continued to try to extort US businesses. Cybercriminals received more than $1.2 billion in ransom payments in 2020 and 2021 combined, according to cryptocurrency-tracking firm Chainalysis.
            Cybersecurity has been a consideration for federal officials preparing for Sunday's Super Bowl. The Department of Homeland Security says some of the 500 personnel helping with physical and cybersecurity at the event have conducted cybersecurity assessments of game-day infrastructure.