On Friday, NFL’s San Francisco 49ers mails notification letters confirming a data breach that affects more than 20,000 people following a ransomware attack that hit its network earlier this year.

The San Francisco Bay Area professional American football team has confirmed that personal information (including names and Social Security numbers) belonging to 20,930 affected people was accessed and/or stolen in the attack between February 6 and February 11, 2022.

In the notification letters sent to the affected people starting Thursday, the team reveals that the 49ers conducted a thorough review of these files to identify the individuals whose information was contained in the files, and additional research to find and verify the addresses for these individuals.

It further stated that on August 9, 2022, the 49ers finished this process and finds that the incident involved the name and Social Security numbers of seven Maine residents.

At the time, the 49ers confirmed the incident in a statement to Bleeping computer, claiming it caused a temporary disruption to portions of their IT network.

While the football team hasn’t revealed whether the hackers successfully deployed ransomware payloads, the statement said they are still restoring systems, indicating that the breached devices were also likely encrypted, Bleeping computer reports.

On February 12, The BlackByte gang claimed accountability for the attack, right as the NFL was getting ready for Super Bowl 2022, by starting to leak files claimed that were stolen from the 49ers’ network.

The post Blackbyte ransomware targets San Francisco 49ers, affects the data 20k individuals appeared first on The Tech Outlook.

The BlackByte ransomware is here again with the version 2.0 of its operation. Its comeback includes a new data leak site that utilizes new extortion techniques borrowed from LockBit. 

After a short hiatus, they are promoting a new data leak site on hacker forums as their comeback act. Additionally this promotion is also carried out through Twitter accounts that the Twitter account controls. 

The threat actors have name this new version as BlackByte version 2.0. Along with it, they have launched a new Tor data leak site. 

Presently the data leak site has only victimized one victim. However, it possess new extortion strategies that offers victims various negotiation prices. Victims can pay $5,000 to extend the publishing of their data by 24 hours, download the data ($200,000) and $300,000 to destroy all the data. The prices are likely to differ according to the revenue/size of the victim. 

KELA, cybersecurity intelligence firm informs that BlackByte’s new data leak site is not embedding the Bitcoin and Monero addresses correctly, that “customers” can use to purchase or delete the data, making these new features currently broken. 

The goal of this new campaign is to leave a way for victims to pay to remove their data and for other threat actors to purchase if they wish to. 

The post BlackByte 2.0 is here with data leak site appeared first on The Tech Outlook.

In a joint alert, the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) warn that the BlackByte ransomware has been utilized in attacks on at least three critical infrastructure sectors in the United States.

A list of countermeasures that can aid administrators in thwarting BlackByte attacks:

• Make regular backups of all data, which should be stored offline as air gapped, password-protected copies. Ensure that these copies are not editable or deleteable from any system where the original data is stored.
• Implement network segmentation to prevent all machines on your network from communicating with each other.
• Install and update antivirus software on all hosts on a regular basis, and turn on real-time detection.
• As soon as updates/patches are available, install them on your operating system, applications, and firmware.
• Look for new or unknown user accounts on domain controllers, servers, workstations, and active directories.
• User accounts with administrator privileges should be audited, and access controls should be configured with the least amount of privilege in mind. Do not grant administrative privileges to all users.
• Disable any unused remote access/Remote Desktop Protocol (RDP) ports and keep an eye on the remote access/RDP logs for anything strange.
• Consider including an email banner in emails that come from outside your company.
• Disable hyperlinks in emails you’ve received.
• When logging into accounts or services, use two-factor authentication.
• Ensure that all accounts are audited on a regular basis.
• Ascertain that all identified IOCs are entered into the network SIEM for ongoing monitoring and notifications.

The post How to protect yourself against BlackByte ransomware , Complete list appeared first on The Tech Outlook.

In the previous three months, the BlackByte ransomware group has infiltrated the networks of at least three firms in the US critical infrastructure sectors, according to the FBI.

This was revealed in a joint cybersecurity advisory issued by TLP:WHITE and the US Secret Service on Friday.

“As of November 2021, BlackByte ransomware had infected many US and foreign enterprises, including institutions in at least three US critical infrastructure sectors (government facilities, banking, and food and agriculture),” according to the federal law enforcement agency [PDF].

“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on infected Windows host systems, including physical and virtual servers,” according to the researchers.

The advise focuses on giving businesses indicators of compromise (IOCs) that they may use to detect and protect against BlackByte’s attacks.

MD5 hashes of suspicious ASPX files identified on hacked Microsoft Internet Information Services (IIS) servers, as well as a list of commands used by the ransomware operators during assaults, are among the IOCs connected with BlackByte activity revealed in the warning.

The ransomware attack on the San Francisco 49ers

In related news, the San Francisco 49ers of the National Football League reported over the weekend that they are recovering from a BlackByte ransomware attack.

The threat actors claimed responsibility for the attack, claiming that they took data from the football organization’s servers and posted around 300MB of files on their data leak blog.

In a statement to BleepingComputer, the 49ers confirmed the ransomware assault and stated that it only caused a temporary disruption to areas of their IT network.

Since at least July 2021, when it began targeting corporate victims around the world, the BlackByte ransomware campaign has been operating.

This gang is notorious for using software vulnerabilities (particularly Microsoft Exchange Server) to get initial access to their enterprise targets’ networks, demonstrating that keeping your servers up to date will almost certainly prevent them from attacking you.

After the ransomware gang used the same decryption/encryption key in many attacks, cybersecurity firm Trustwave produced and released a free BlackByte decryptor in October, allowing some victims to restore their files for free.

The post BlackByte ransomware group has infiltrated the networks of at least three firms in the US critical infrastructure sectors, according to the FBI appeared first on The Tech Outlook.