Ransomware Scores A Touchdown Against San Francisco 49ers
Ever wonder what it looks like when hackers do a victory dance? It looks like what happened this Superbowl Sunday, when a hacker studio announced that the San Francisco 49ers had not only missed the ‘Bowl, but also had their corporate network hacked and hit with ransomware right under their noses. How does this happen? How can an undoubtedly well-managed and well-funded major league football team have a cybersecurity touchdown scored so effectively against them?
That is the nature of the cybersecurity landscape we face today. Hackers are more numerous than ever, with studios like BlackByte actively selling their ransomware programs to less accomplished hackers to spread the mischief. When we say no one is immune, we mean that everyone from the smallest corner shop to industry giants like the 49ers is at risk – and even good firewalls can’t stop the millions of infiltrations and data thefts going on every year.
What Happened? The 49ers Ransomware Slam Explained
On February 13, 2022 – Superbowl Sunday – an announcement appeared on the dark web. A known hacker studio called BlackByte posted a gloat-list of their ransomware’d victims and at the top of that list was the San Francisco 49ers, with a lovely blurb about their history and past accomplishments to drive the point home. Had the 49ers made the Superbowl this year, this attack would have made international news and potentially caused incredible backlash as the 49ers corporate network assets were temporarily locked down in the ransom.
Here’s how BlackByte works: typically, their ransomware takes advantage of a Microsoft Exchange Server vulnerability that is known but often goes unpatched. From there, they move laterally through the network, “escalating privileges”. This means the program progressively grants itself more and more permissions until it can access and compromise critical files.
When the program is ready, it begins to encrypt folder after folder. The only readable item left in each folder is a single text document delivering the ransom demand.
How to Protect Your Corporate Network from Ransomware
Whether you are an NFL team or a major retail brand, every corporation should consider this an important lesson. No brand is too big for cybersecurity innovation. The NFL has the potential to become an industry leader in the streamlined management of team assets and security. But first, every team should take a look at its current cybersecurity defenses and build a plan of action for both prevention and swift response to ransomware and other cybersecurity threats.
This is the new playbook.
Audit Your Cybersecurity Defenses
If you’re wondering if the 49ers had decent cybersecurity, they did. This means it’s time for everyone to question the protection of their standard-issue firewalls configured months and years ago. Is it enough?
The first step to corporate security against ransomware risks is to assess your current digital defenses. Run a battery of tests including vulnerability, penetration, and stress tests to find where your defenses are weak and how they should be improved. A full audit of your network will also identify elements in the stack – like the Microsoft Exchange Server – that may have known and exploitable vulnerabilities.
Make Backups of Everything, All the Time
What is the one thing you can do to completely defy and override a ransomware attack? Restore from backup.
Ransomware relies on locking up files that you desperately need. But what if you can wipe the infected computers and networks back to bare hardware and simply reload everything – including network settings – from a backup? Ransomware doesn’t stand a chance – and neither do other types of malware.
So take full backups. Take backups of:
- Infrastructure – to reload systems and networks after a hardware wipe
- Archives and Databases – to protect your primary mass of data
- Recent Files and Live Projects – to minimise “rollback” loss after a restoration
Test your restoration process with every backup to make sure your files are functional and ready for an emergency.
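One way to make "test your restoration process with every backup" a repeatable drill, as an added example that is not part of the original article: the script archives a constructed sample tree together with a SHA-256 manifest taken at backup time, restores the archive into a fresh directory, and reports any file that is missing or whose contents no longer match. All paths and sample files are constructed for the demonstration.

```python
"""Backup-and-restore drill (added example): archive, restore into a fresh directory, verify hashes."""
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file under root (POSIX relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(src, archive, manifest):
    """Write a gzipped tar containing exactly the files listed in manifest."""
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(src / rel, arcname=rel)

def verify_restore(archive, manifest, restore_dir):
    """Restore into restore_dir and list every file that is missing or changed."""
    restore_dir = Path(restore_dir)
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(str(restore_dir))   # parent folders are created as needed
    restored = build_manifest(restore_dir)
    return [f"missing: {p}" for p in manifest if p not in restored] + \
           [f"changed: {p}" for p in manifest if p in restored and restored[p] != manifest[p]]

def run_drill(tamper=False):
    """Drill on a constructed sample tree. tamper=True overwrites one file before
    archiving, modelling backup media damaged after the manifest was recorded."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        (src / "configs").mkdir(parents=True)
        (src / "configs" / "switch.cfg").write_text("hostname core-sw-1\n")   # constructed
        (src / "db.sqlite").write_bytes(b"SQLite format 3\0" * 128)           # constructed
        archive = Path(tmp) / "backup.tar.gz"
        manifest = build_manifest(src)          # recorded at backup time
        if tamper:
            (src / "db.sqlite").write_bytes(b"\0" * 2048)
        make_backup(src, archive, manifest)
        return verify_restore(archive, manifest, Path(tmp) / "restore")
```

A clean drill returns an empty list; any entry in the result means that backup would not rebuild the system as recorded.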
Implement a Security Standard Protocol
Pick a security protocol to adhere to. Merchants often use PCI-DSS, but the NIST Cybersecurity Framework is a powerful modern place to begin your protocols for internal security. This framework treats cybersecurity as a five-stage cycle:
- Identify Risk
- Protect Against Known Risks
- Detect New Threats
- Respond Swiftly to Stop Threats
- Recover Any Losses
This standard will help you stay on your toes to keep up with security patch updates and the latest corporate cybersecurity news. Each new threat detected through vulnerability testing, penetration testing, or a real infiltration starts you back at the Identify stage to analyze the threat, build a plan, and prepare a response.
The more responses you have prepared for future cybersecurity threats, the faster you can move if a real threat arises.
Teach Your Team to Spot Suspicious Behaviour
- Phishing Emails
- Slow and Overtaxed Computers
- Unusual File Access Activity
- Hidden or Unnamed Programs Running
Teamwork is essential for any organisation’s cybersecurity. As digital defenses get better, humans become the weakest security link. This results in social engineering and phishing – trying to trick employees into clicking on infected links while using work computers. Employees can learn to spot these scam tactics – and even to see the signs of an already-infected system and report it before the ransom initiates.
Teach your team how to uphold cybersecurity, then use cybersecurity drills. Have your IT team send fake phishing emails and generate suspicious file-touches to reward all employees who notice and report – or who respond exactly as they were trained. Watching for the faux hacks will keep everyone ready when that real hack tries to slip through.
Make Use of Advanced Network Monitoring
Last and most important is Network Monitoring. This is a type of monitoring that can see everything from the core temperature of your motherboard to the number of times a file is read on your servers. With AI assistance and expert operation, network monitoring can be used to identify your company’s typical network usage and alert on atypical use – like resources used invisibly by lurking malware or a ransomware program moving laterally to escalate its privileges. If the 49ers had set up sufficient network monitoring, BlackByte’s ransomware would have given itself away long before the first file was encrypted – when the program first started giving itself permissions to act.
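The "folder after folder" behaviour described earlier is exactly the kind of atypical use this monitoring should alert on. As an added example that is not part of the original article, the detector below reads file-audit log lines and raises one alert per account whose writes within a sliding 60-second window exceed a threshold and touch many different folders. The log format, host, account names, paths and thresholds are all constructed for the demonstration and are not BlackByte artefacts.

```python
"""Mass-file-modification detector over file-audit log lines (added example;
log format, account names and paths are constructed, not from the article)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"op=(?P<op>\S+) path=(?P<path>\S+)")
WINDOW = timedelta(seconds=60)   # sliding window per (host, user)
MAX_WRITES = 20                  # writes in one window that ordinary users rarely reach
MIN_DIRS = 5                     # ...spread over this many folders ("folder after folder")

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None               # unparseable lines are skipped, not treated as events
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev

def detect(lines):
    """Alert once per actor whose recent writes exceed MAX_WRITES across MIN_DIRS folders."""
    recent = defaultdict(deque)   # (host, user) -> deque of (timestamp, directory)
    alerts, alerted = [], set()
    for line in lines:
        ev = parse(line)
        if ev is None or ev["op"] not in ("WRITE", "RENAME", "CREATE"):
            continue
        key = (ev["host"], ev["user"])
        q = recent[key]
        q.append((ev["ts"], ev["path"].rsplit("/", 1)[0]))
        while ev["ts"] - q[0][0] > WINDOW:     # drop events that fell out of the window
            q.popleft()
        dirs = {d for _, d in q}
        if len(q) >= MAX_WRITES and len(dirs) >= MIN_DIRS and key not in alerted:
            alerted.add(key)
            alerts.append(f"{ev['host']}: {ev['user']} modified {len(q)} files "
                          f"in {len(dirs)} folders within {WINDOW.seconds}s")
    return alerts

def sample_log():
    """Constructed lines: one analyst editing normally, one account rewriting a share."""
    base = datetime(2022, 2, 13, 2, 0, 0)
    lines = [f"{(base + timedelta(seconds=15 * i)).isoformat()}Z host=fs01 user=alice "
             f"op=WRITE path=/shares/finance/q4_{i}.xlsx" for i in range(3)]
    for i in range(30):                       # 30 renames across 6 folders in 30 seconds
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()}Z host=fs01 user=svc_print "
                     f"op=RENAME path=/shares/dept{i % 6}/doc{i}.docx.enc")
    return sorted(lines)
```

The normal editor never trips the thresholds, while the burst account is flagged on its twentieth write, well before it has worked through the whole share.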
Ready to step up your cybersecurity game so that your team is the one getting the touchdown when hackers make a play? So are we. Contact us today to consult on the best cybersecurity stack upgrades for your team network.