Reports suggest the PGA’s network was compromised in an effort to blackmail the group before a major tournament.
The Professional Golf Association (PGA) was reportedly the target of a recent ransomware attack just before a major championship.
According to Golf Week, the PGA of America’s systems were compromised by threat actors this week. Staff at the organization realized on Tuesday morning that files were no longer accessible on the network and officials were locked out of the system.
A message was posted which said the PGA network “has been penetrated,” and “All files on each host in the network have been encrypted with a strong algorythm [sic].”
The threat actor then warned that attempts to recover encrypted files would result in the loss of all content.
Ransomware is a particularly virulent type of malware. Once a system is infected with ransomware such as Cerber, CryptoLocker or WannaCry — to name a few — the malware will often encrypt files and only release the decryption key when a ransom payment is made, usually in Bitcoin (BTC).
Security researchers who are able to reverse-engineer ransomware will make the keys public whenever possible, in an attempt to stem a malware trend that often leads to the loss of irreplaceable content, the disruption of corporate services, and individual heartache.
Despite the establishment of projects such as No More Ransom, ransomware remains a real threat to businesses and consumers alike.
Tee Off Time
The timing of this ransomware campaign may have been deliberate, planned to exert serious pressure on PGA officials to pay up, as members are currently in the midst of a championship competition at the Bellerive Country Club. The Ryder Cup is also on the horizon.
Without access to critical files, such disruption could have placed the competitions in jeopardy. However, it seems that, despite the reported attack, the organization is working hard to regain control.
According to the publication, the encrypted files included promotional materials for current and upcoming golf events, as well as content related to the development of future championship logos.
“We exclusively have decryption software for your situation,” the cybercriminals warned. “No decryption software is available in the public.”
The threat actors also sent an email to the PGA of America offering to decrypt two files to show their “honest intentions” — in other words, their ability to decrypt the files should the organization choose to pay up.
This is a common tactic employed by ransomware operators to encourage victims to submit to the blackmail and pay. By offering to decrypt files “for free,” hackers demonstrate that victims can recover their content.
Golf Week says that a Bitcoin wallet address was also included in the email, but interestingly, no set ransom demand was included. This may suggest that the threat actors were willing to negotiate the price.
However, the organization is not so keen. An anonymous source said that the PGA of America has no intention of paying up.
It is not known who is behind the attack and IT staff are yet to fully regain control of the firm’s systems.
A PGA spokesperson said the situation was ongoing and so no comment would be made on the alleged attack.