On July 23, it has been reported that the centre noted a recent example in which attackers demanded that an English Football League club (EFL) pay a multi-million dollar ransom in Bitcoin (BTC).
However, according to the Cyber Threat to Sports Organizations paper, the unnamed club was targeted by ransomware that crippled their corporate security systems.
It has been analyzed that the ransom amount requested was 400 BTC ($3.66 million). The club declined to pay, resulting in a loss of their stored data.
The study reveals that the attack may have led to significant damages, as it notes that the club was unable to use their corporate e-mails, and the stadium’s CCTV system and turnstiles were non-operational due to the attack.
As per the report, there is no public information on the attack vector that allowed the criminals to infiltrate their system. One hypothesis is that a phishing email was used to deploy the attack. The systems may also have been accessed through the CCTV system.
The UK cybersecurity authorities disclosed that the attack cost the club “several hundred thousand pounds.”
Also, the study states that approximately 40% of the attacks on British sports organizations involved malware, and a quarter of this involved ransomware.
It has also been analyzed that these attacks have been growing in terms of impact since 2018, with cybercriminals mostly targeting high-value sports entities.
Thus, the software required to carry out such an attack is widely available on the darknet.