Trabzonspor Kulubü’s website was down on Thursday. The ransomware gang Medusa provides a plausible explanation for the technical glitch. The day before, she published a threat against the well-known professional football club on her dark web leak site.
Accordingly, the cybercriminals hacked into the 2022 Turkish champions, who lost to FC Basel in the Europa Conference League this spring. And now they threaten to release stolen data.
There is no confirmation from the traditional club from the port city in northeastern Turkey.
The extortionists offer several options to the alleged victim: they can pay $10,000 to extend the ransom period by one day or $1 million to download or delete all captured data.
Trabzonspor is one of the most decorated clubs in the country with seven Super Lig titles. He was the first club not based in Istanbul to win the top division.
How dangerous are the attackers?
Relatively little is known about the ransomware gang that goes by the name “Medusa”. It seems certain that the unknown criminals are in control: in March 2023, they ranked third behind the notorious LockBit and ALPHV groups in the number of publicly disclosed ransomware attacks worldwide.
In May, Medusa attacked a southern Italian water company, reportedly causing technical failures. Earlier, an online university in Cyprus had already been affected.
Past victims include Tonga Communications Corporation (TCC), a state-owned telecommunications company in the South Pacific island nation, and oil and gas regulator PetroChina Indonesia.
risk of confusion
According to the assessment of IT security experts, these are not the same cybercriminals behind the older “MedusaLocker” malware.
In fact, several threat actors use the name, which comes from Greek mythology. In addition to the two ransomware gangs, there is Android malware and a botnet based on the Linux malware Mirai, an online association of computers infected with malware of the same name.
The MedusaLocker group is believed to predate Medusa by two years, as reports of their activities first appeared in 2019. This is said to be a ransomware-as-a-service group in which several criminal partners (“affiliates”) share the same platform use to attack business victims.
How common are hacker attacks on professional football clubs?
We do not know that. Corresponding attacks are a taboo in all economic sectors. And that also applies to professionally managed sports companies.
Very little information is available on ransomware attacks against internationally renowned football clubs.
- Informed in November 2020 Manchester United about a cyber attack where immediate measures were taken to identify and shut down affected systems. However, those responsible did not explicitly speak of a ransomware attack.
- As early as July 2020, it would have hit another British football club. Those responsible refused to pay the ransom demanded. The encryption attack paralyzed the stadium’s video surveillance and turnstiles, and the game nearly had to be cancelled.
- The incident prompted Britain’s National Cyber Security Center (NCSC) to issue a public warning in the form of a report stating that football teams are at increased risk from ransomware attacks and phishing campaigns.
The hacker attack on the unnamed British club revealed that the company’s management had underestimated the IT security risks. A number of omissions are noted in the NCSC report:
- The company’s IT system had “grown organically” and only a few security mechanisms had been implemented before the attack.
- There was no emergency plan and no emergency drills were conducted.
- Little has been invested in cybersecurity. The club then hired a new IT manager and upgraded its IT systems and processes to minimize the risk of future attacks.
Sources
- malwarebytes.com: Ransomware rating: March 2023
- cyborgsecurity.com: Medusa ransomware
- therecord.media: Italian water supplier serving 500,000 people affected by ransomware attack (May 2023)
- ncsc.gov.uk: The Cyber Threat to Sports Organizations (PDF, 2020)
- cshub.com: IOTW: World’s 3rd Most Valuable Football Club Hit by Cyber Attack (November 2021)
- wikipedia.org: Trabzonspor
Source: Watson
I’m Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
