Turkey’s best football club attacked by hackers – website paralyzed

Trabzonspor Kulubü’s website was down on Thursday. The ransomware gang Medusa provides a plausible explanation for the technical glitch. The day before, she published a threat against the well-known professional football club on her dark web leak site.

Accordingly, the cybercriminals hacked into the 2022 Turkish champions, who lost to FC Basel in the Europa Conference League this spring. And now they threaten to release stolen data.

There is no confirmation from the traditional club from the port city in northeastern Turkey.

The extortionists offer several options to the alleged victim: they can pay $10,000 to extend the ransom period by one day or $1 million to download or delete all captured data.

Trabzonspor is one of the most decorated clubs in the country with seven Super Lig titles. He was the first club not based in Istanbul to win the top division.

How dangerous are the attackers?

Relatively little is known about the ransomware gang that goes by the name “Medusa”. It seems certain that the unknown criminals are in control: in March 2023, they ranked third behind the notorious LockBit and ALPHV groups in the number of publicly disclosed ransomware attacks worldwide.

In May, Medusa attacked a southern Italian water company, reportedly causing technical failures. Earlier, an online university in Cyprus had already been affected.

Past victims include Tonga Communications Corporation (TCC), a state-owned telecommunications company in the South Pacific island nation, and oil and gas regulator PetroChina Indonesia.

risk of confusion

According to the assessment of IT security experts, these are not the same cybercriminals behind the older “MedusaLocker” malware.

In fact, several threat actors use the name, which comes from Greek mythology. In addition to the two ransomware gangs, there is Android malware and a botnet based on the Linux malware Mirai, an online association of computers infected with malware of the same name.

The MedusaLocker group is believed to predate Medusa by two years, as reports of their activities first appeared in 2019. This is said to be a ransomware-as-a-service group in which several criminal partners (“affiliates”) share the same platform use to attack business victims.

How common are hacker attacks on professional football clubs?

We do not know that. Corresponding attacks are a taboo in all economic sectors. And that also applies to professionally managed sports companies.

Very little information is available on ransomware attacks against internationally renowned football clubs.

The hacker attack on the unnamed British club revealed that the company’s management had underestimated the IT security risks. A number of omissions are noted in the NCSC report:

Sources