[MART] - Daily Diary #452 - San Francisco 49ers Breached by BlackByte Ransomware

CTAS-MAT ctas-mat at appgate.com
Mon Feb 14 20:50:52 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

02/14/2022 - Diary entry #452

First discovered in late 2021, BlackByte is another ransomware family that operates in the Ransomware-as-a-Service business model. BlackByte also adopts the double-extortion model, stealing data before encrypting the systems and threatening to publish it if the ransom is not paid.

BlackByte operators are known to exploit the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) in outdated on-premises Microsoft Exchange Server to deploy a Cobalt Strike beacon. Cobalt Strike is then used to exfiltrate information from the compromised systems, move laterally through the network, and deploy additional tools, like the remote desktop application AnyDesk. Finally, BlackByte is executed to encrypt the files, along with commands to delete shadow copies and stop other security services.
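Added example (not from the diary entry, Appgate, or BlackByte itself): a small Python detector that runs over constructed process-creation log lines and flags the shadow-copy deletion step mentioned above. The key=value log format and the specific command patterns are my assumptions; the entry does not list which commands BlackByte uses.

```python
import re
from dataclasses import dataclass

# Assumption: commonly abused built-in ways to delete Volume Shadow Copies.
# These patterns are not taken from the diary entry.
SHADOW_COPY_PATTERNS = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("powershell_win32_shadowcopy", re.compile(r"Win32_ShadowCopy.*\.Delete\(\)", re.I)),
]

@dataclass
class Alert:
    host: str
    user: str
    rule: str
    command_line: str

def parse_event(line):
    """Parse one constructed key="value" process-creation log line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))

def detect_shadow_copy_tampering(lines):
    """Return one Alert per event whose command line matches a deletion pattern.
    Read-only commands such as 'vssadmin list shadows' are deliberately not flagged."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        cmd = event.get("cmd", "")
        for rule, pattern in SHADOW_COPY_PATTERNS:
            if pattern.search(cmd):
                alerts.append(Alert(event.get("host", "?"), event.get("user", "?"), rule, cmd))
                break  # one alert per event is enough
    return alerts

# Constructed sample events (hypothetical host, user and timestamps).
SAMPLE_EVENTS = [
    'ts="2022-02-10T03:12:44Z" host="WS-017" user="CORP\\jsmith" cmd="C:\\Windows\\System32\\notepad.exe C:\\Users\\jsmith\\notes.txt"',
    'ts="2022-02-10T03:13:02Z" host="WS-017" user="NT AUTHORITY\\SYSTEM" cmd="vssadmin.exe delete shadows /all /quiet"',
    'ts="2022-02-10T03:13:03Z" host="WS-017" user="NT AUTHORITY\\SYSTEM" cmd="wmic shadowcopy delete"',
    'ts="2022-02-10T03:13:05Z" host="WS-017" user="NT AUTHORITY\\SYSTEM" cmd="powershell -c Get-WmiObject Win32_ShadowCopy | ForEach-Object {$_.Delete()}"',
    'ts="2022-02-10T03:14:10Z" host="WS-017" user="CORP\\jsmith" cmd="vssadmin list shadows"',
]

if __name__ == "__main__":
    for a in detect_shadow_copy_tampering(SAMPLE_EVENTS):
        print(f"[{a.rule}] {a.host} {a.user}: {a.command_line}")
```

A burst of such alerts from one host, shortly after a new remote-access tool appears, is the kind of pre-encryption signal worth paging on.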

This week, the San Francisco 49ers NFL team disclosed that it was a victim of BlackByte. The attack was only publicly disclosed after BlackByte added the team to its wall-of-shame website, but, according to the team, law enforcement and third-party security firms were contacted immediately after the incident and launched an investigation. The team added that there is no indication that systems outside the company network, such as ticket holders' systems, were affected. The full impact on the company is not yet clear, but the consequences could have been catastrophic if the team had qualified for the Super Bowl, as it would probably have affected the team's preparations.

Kind Regards,





Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509


