The San Francisco 49ers Ransomware Attack: Building a Responsive Cybersecurity Defense
On the day of the 2022 Super Bowl, one team that almost made it faced a devastating announcement. The San Francisco 49ers had been hacked by ransomware but didn’t find out until the hacker made a public announcement.
BlackByte, a known ransomware team, publishes blackmail announcements once they hack an organization. This is a way to publicly shame companies into paying the ransom to restore and resecure their data. BlackByte is known for both encrypting vital segments of data and for holding private data for ransom – threatening to reveal secured information if their victims refuse to pay.
Each NFL team is its own company and professional organization. The NFL has the potential to become a public bastion of the best cybersecurity of today – but only if every team approaches cyber defense with the same focus and strategy that they would coordinate defense in a game. Let’s take a closer look at what the 49ers and other NFL teams can do to build a nearly unstoppable wall of defense and a playbook of fast responses to the first detected cybersecurity risk.
Get Your Cybersecurity Assessed
The first thing you can do is get your corporate structure’s cybersecurity assessed. People may wonder how a football team can get hacked, and the answer is simple: a football team is a corporation. And corporations get hacked all the time. While threats are inevitable in today’s chaotic digital landscape, there is a big difference between infiltrating a prepared business and an unprepared one.
How prepared is your business if a malware program or ransomware hacker decides to target your brand? A cybersecurity assessment will tell you where your vulnerabilities are located and help you build a plan to close each one. These vulnerabilities could be unpatched Windows software with known exploits, open ports in your firewall, or an unsecured login page on your website. Anything that can open the door for malware to slip in can become a cybersecurity risk. With an assessment, you’ll know where to start securing.
Penetration Testing and Stress Testing
The next step is in-depth penetration testing. A penetration test is when your security team does their best to crack into the network from the outside. It’s a challenge to use their creativity and knowledge to break in through any means they can. Any success will reveal another vulnerability – and provide the building blocks for how to close that vulnerability.
Stress testing discovers whether your security assets can be overloaded. Like a DDoS or a brute-force password attack, stress testing uses methods that might not work once – but might work if tried rapidly a few thousand times. Can you run your servers hot without creating a vulnerability? Can your logins handle a brute force attack? If so, your system should perform well under stress testing.
Prepare to Prevent, Defend, and Recover
The NIST cybersecurity framework shows us that data security is no longer just about prevention. The phases of defending and even recovering after an attack have become a necessary part of the corporate data defense process. The NIST system suggests that the right approach to cybersecurity can be defined as
The process starts by identifying vulnerabilities and protecting against them. If there is an attack, the system focuses on quick detection and response to minimize the need for recovery.
Outsource To A Cincinnati Cybersecurity Team
Not every company has the right IT team to secure its data. This is normal – most businesses are not focused on data security as part of the business model. If you need more cybersecurity than your on-staff team can handle, the solution is an elegant one. Outsource your cybersecurity needs to a team that will become your partners and an extension of your own IT department.
Thousands of companies have resolved their cybersecurity concerns by placing their needs in the hands of experts. In a serious IT labor shortage, this is often the most practical way to build yourself cybersecurity support fast and give yourself time to hire later.
Put Everyone on Defense
Since we can’t go on offense (and take the fight to the hackers) we’ll have to go on defense. Fortunately, your corporate structure isn’t limited to a certain number of players on the field. You can put everyone on defense to help protect the company from ransomware, malware, and phishing attacks.
Put your team through cybersecurity training, but don’t stop there. While the information is still fresh, start running cybersecurity drills. Challenge your team members to spot the phishing emails or infected links generated secretly by your IT team. Throw a party and provide rewards when an employee spots the decoy and responds to/reports it correctly.
Cybersecurity training paired with drills can turn your entire staff into a cybersecurity defense team – one that is eager to catch the next real or decoy hacker.
Zero Trust and Shared Vigilance
Build a company culture of vigilance and a digital policy of zero trust. “Zero Trust” means never assuming a computer, account, or connection is safe just because it is already inside your network. You never know when an infiltrating ransomware program will start moving laterally and escalating permissions to give itself access. You never know when a clicked file will embed itself deep in the hidden resources of a computer as it seeds a network infection. You never know which midnight login is a hacker or an employee up late. So, with the help of AI and network monitoring tools – watch them all.
Encourage everyone to keep an eye out for suspicious computer behaviors, new accounts, sensitive files with recent modification dates, and unusual CPU or memory usage. There will be few places a hacker’s malware can hide.
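As an added illustration (not code from the original post or from 4BIS), here is a small Python script that does the kind of watching the last two paragraphs describe: it runs over constructed, made-up audit log lines, flags midnight logins, new accounts, and sensitive files touched off-hours, and then correlates those findings per user so a login followed minutes later by a new account stands out. The log format, business hours, and sensitive-path prefixes are assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample audit log (made-up data): "date time user EVENT detail"
SAMPLE_LOG = """\
2022-02-10 02:14:07 jsmith LOGIN_SUCCESS src=10.0.4.22
2022-02-10 02:15:31 jsmith ACCOUNT_CREATED new_user=svc_backup2
2022-02-10 09:03:15 mlee LOGIN_SUCCESS src=10.0.4.31
2022-02-10 23:48:02 tbrown FILE_MODIFIED path=/finance/payroll.xlsx
2022-02-10 14:20:00 tbrown FILE_MODIFIED path=/finance/payroll.xlsx
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (.*)$")
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)   # assumed office hours
SENSITIVE_PREFIXES = ("/finance/", "/hr/", "/legal/")    # assumed "secure files"


def off_hours(ts):
    """True when the timestamp falls outside the assumed business hours."""
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def flag_events(log_text):
    """Return (timestamp, user, reason, detail) for each line worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed lines rather than crash the watcher
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        user, event, detail = m.group(2), m.group(3), m.group(4)
        if event == "LOGIN_SUCCESS" and off_hours(ts):
            findings.append((ts, user, "off-hours login", detail))
        elif event == "ACCOUNT_CREATED":
            findings.append((ts, user, "new account created", detail))
        elif event == "FILE_MODIFIED":
            path = detail.split("path=", 1)[-1]
            if path.startswith(SENSITIVE_PREFIXES) and off_hours(ts):
                findings.append((ts, user, "sensitive file modified off-hours", detail))
    return findings


def correlate(findings, window_minutes=30):
    """Users with two or more findings inside the window, e.g. login then account creation."""
    by_user = {}
    for ts, user, _reason, _detail in findings:
        by_user.setdefault(user, []).append(ts)
    suspicious = {}
    for user, stamps in by_user.items():
        stamps.sort()
        if any((b - a).total_seconds() <= window_minutes * 60 for a, b in zip(stamps, stamps[1:])):
            suspicious[user] = len(stamps)
    return suspicious
```

Point the same two functions at an exported Windows Security log or Linux auth log (after adjusting `LINE_RE`) to get a daily short list for the team to review.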
Backup and Recovery From the Ground Up
Finally, and this is very important, make sure to build your backup recovery plan. There is one great answer to an infected computer or network with a hacker demanding a ransom to ever see your precious files again – and that is to nuke-and-pave the system and restore from a recent backup.
You could be back at work after only a few hours of reloading systems instead of spending days without your data or deciding whether to pay the ransom. Infrastructure backups allow you to reload whole workstations and networks from scratch – like a preloaded operating system in a virtual machine. Archive backups keep your databases safe, and recent backups help you lose as few hours of work as possible.
Take regular backups and always test them to make sure your restoration process results in a complete and working system. Build an archive of backups, and we strongly recommend keeping those backups stored with an “air pocket” (an air gap) between the internet, your servers, and the backup archives. This way, no local or cloud network infection can impact your ability to restore from those essential backups.
After what happened to the 49ers, what should all other NFL teams and corporate organizations do to keep safe from this new generation of ransomware? It’s time to build a playbook, run cybersecurity drills, and put the whole team on defense. Malware may be inevitable, but you never have to give up prevention, detection, and hardcore damage control.
4BIS.COM, Inc is a complete IT Support and Managed IT Services Provider, Computer Reseller, Network Integrator & IT Consultant located in Cincinnati, Ohio focusing on customer satisfaction and corporate productivity. Our mission is to develop long-term partnerships with our customers and ensure they stay up-to-date with the evolution of business processes and information technology.