Rockets working with FBI to investigate cyberattack on team systems

The team says its investigation is ongoing, but it appears that the hackers attempted to install ransomware on certain internal systems.

The Houston Rockets are investigating an attempted cyberattack on systems within their internal network, according to a team statement.

“The Rockets organization recently detected suspicious activity on certain systems in its internal network,” the statement reads. “We immediately launched an investigation to aggressively gather facts and began taking steps to block the unauthorized activity. Leading cybersecurity experts were also engaged to assist in the investigation.”

Our investigation is ongoing, but it appears that the unknown actors attempted to install ransomware on certain internal systems at the Rockets. However, our internal security tools prevented ransomware from being installed except for a few systems that have not impacted our operations. We are also aware of reports that the actors behind the attack claim to have acquired internal business information of the Rockets.

The ransomware group, which goes by the name Babuk, claimed on its dark web page to have stolen 500 gigabytes of Rockets’ data, according to Bloomberg. The hackers allege that the data includes contracts, non-disclosure agreements and financial data, and the group threatened to publish it if the team declined to pay. The extortion ad on Babuk’s dark web page was removed on Wednesday, Bloomberg reported.

The Rockets say they are working with the U.S. Federal Bureau of Investigations (FBI). Their statement concludes:

The Rockets organization is working diligently to investigate the incident and the actor’s claims, including working closely with the FBI to support their investigation. However, these investigations are complex, dynamic and require time to conduct properly. Until our investigation is completed, it will be difficult to determine with certainty the scope of the incident, but we will continue to work vigilantly to address any potential issues that may affect our fans, employees, and players. Should we determine throughout the investigation that personal information of any individuals may have been involved, we will notify those individuals directly.

While this investigation is ongoing, the incident has had no impact to our operations or our ability to take care of our fans, employees, and players.

The projected timetable of the investigation is not yet clear. In a potentially similar case, Premier League soccer club Manchester United announced last fall that it had been attacked by cyber criminals.

[lawrence-related id=47079]