The BlackByte ransomware group has compromised entities in at least three US critical infrastructure sectors, according to a joint warning issued (PDF) by the FBI and the US Secret Service on February 11th. Days after that, right before the Super Bowl, the group also infiltrated servers owned by the San Francisco 49ers. The team’s representatives confirmed the hack after BlackByte posted a file that it supposedly stole from the 49ers on its website, according to Ars Technica. That 379MB file reportedly contained billing statements sent by the team to its partners, which include AT&T and Pepsi.
The 49ers’ reps said they believe “the incident is limited to [their] corporate IT network” and have no indication that it involved outside systems, such as those “connected to Levi’s Stadium operations or ticket holders.” They’ve notified law enforcement and are working with third-party cybersecurity firms to investigate the incident. “We are working diligently to restore involved systems as quickly and as safely as possible,” the reps said. As for the critical infrastructure sectors that were affected, the FBI and the Secret Service did not name them, but they did say they’re government facilities and within the financial and food & agriculture sectors.
BlackByte is a ransomware-as-a-service (RaaS) operation that allows affiliates to use its ransomware for a share of the proceeds. It first surfaced in July last year, but a flaw in its system allowed security firm Trustwave to release a decryption tool that victims were able to use for free instead of paying the group to have their files unlocked. An updated version of the ransomware patched that flaw.
In their warning, the authorities said some victims reported that the bad actors used a known Microsoft Exchange Server vulnerability to gain access to their networks. The authorities have also released filenames, indicators of compromise and hashes that IT personnel can use to check their networks for the presence of the ransomware.