Digital attackers targeted the computer servers of a golfers’ association with ransomware and encrypted files stored on those assets.

Staff at the Professional Golfers’ Association of America (PGA) discovered the attack on 7 August. When they attempted to access certain work files that morning, those documents generated a ransom note informing them that their employer’s “network has been penetrated” and that “[a]ll files on each host in the network have been encrypted with a strong algorythm [sic].” The warning message also made clear that those responsible for the attacks possessed “decryption software for [PGA’s] situation.”

According to Golfweek, the affected servers contained files such as promotional banners and logos for the PGA Championship at Bellerive Country Club, set to take place on 9 August, as well as the 2018 Ryder Cup, scheduled for the end of September. Also included in the encrypted assets was development work on logos for future PGA championships. Some of that work began back in 2017.

The ransom message contained both a Bitcoin wallet number and an encrypted email address through which PGA can pay the demanded ransom fee and ask the attackers to decrypt up to two affected files for free as evidence of their “honest intentions.” But PGA does not intend to meet those demands, a source inside the Association told Golfweek.

Given the language of the ransom note, especially the misspelling of “algorithm,” Bleeping Computer has reason to believe that BitPaymer is the ransomware behind the PGA infection. This threat generally infects organizations by targeting workstations through the Remote Desktop Protocol (RDP). Upon successful infection, it spreads to other machines within the network.

PGA was still attempting to regain complete control of its files at the time of publication.

The attack against PGA emphasizes the fact that ransomware is still a relevant threat and that organizations need to defend themselves. Towards that end, here are a few recommendations on how to prevent a ransomware infection.