Photo courtesy of bitcoinexchangeguide.com
If worrying about one of the biggest golf tournaments of the year wasn’t enough, the Professional Golfers’ Association of America (PGA) now must deal with a ransomware attack. On Tuesday (August 7th), Golfweek reported that computers at the PGA’s offices were infected with ransomware when ransom notes started appearing on employees’ screens.
PGA Ransomware Attack
“Your network has been penetrated… All files on each host in the network have been encrypted with strong algorythm.” This is what appeared on the screens of PGA employees. Based on that misspelling of “algorithm” and on initial analysis, the PGA is believed to have been infected with BitPaymer ransomware. While the amount of ransom demanded is unknown, the hackers reportedly offered to decrypt two files for free as a confidence-building measure to entice PGA officials to pay the entire ransom. The timing of the attack couldn’t be worse: the PGA is hosting the PGA Championship, which began on Thursday, and will also host the Ryder Cup at the end of September.
Along with the perfect timing (for the hackers), there is currently no decryptor available for BitPaymer ransomware. “At this time, there is no way to decrypt files encrypted by Bitpaymer without paying the ransom, so files need to be restored from backups,” said Allan Liska, senior security architect at Recorded Future.
BitPaymer Ransomware
BitPaymer has been around the ransomware scene for a while, but it has kept a pretty low profile until now. Like SamSam, another well-known ransomware family, BitPaymer usually targets organizations by compromising Remote Desktop Services exposed to the Internet. Once the network has been penetrated, the hackers encrypt every computer they are able to access. The most recent variants of BitPaymer append ‘.locked’ to encrypted files and drop a ransom note named after the encrypted file with ‘.readme_txt’ appended. For example, if a file named ‘PGAChampionship.txt’ was encrypted, it would now show up as ‘PGAChampionship.locked’, and the ransom note would show up as ‘PGAChampionship.readme_txt’.
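As an added illustration (not code from the article or from any vendor’s tooling), the script below shows how a responder could scope an infection that follows the naming pattern just described: it pairs each ‘.locked’ file with its ‘.readme_txt’ note in the same directory, flags stray encrypted files that have no note, and checks each note for the quoted opening phrase. The directory tree it scans is constructed sample data, not files from the incident.

```python
import os
import tempfile
from pathlib import Path

# File-name markers the article attributes to recent BitPaymer variants.
ENCRYPTED_SUFFIX = ".locked"
NOTE_SUFFIX = ".readme_txt"
# Opening phrase of the ransom note quoted in the article.
NOTE_PHRASE = "Your network has been penetrated"


def scan_for_bitpaymer_markers(root):
    """Walk `root`, pair every '<stem>.locked' with '<stem>.readme_txt' in the
    same directory, and return a summary a responder can use to scope which
    directories (or mounted hosts) were touched."""
    encrypted, notes = {}, {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(ENCRYPTED_SUFFIX):
                encrypted[(dirpath, name[: -len(ENCRYPTED_SUFFIX)])] = Path(dirpath) / name
            elif name.endswith(NOTE_SUFFIX):
                notes[(dirpath, name[: -len(NOTE_SUFFIX)])] = Path(dirpath) / name
    return {
        "encrypted_count": len(encrypted),
        "paired_stems": sorted(k[1] for k in encrypted if k in notes),
        "unpaired_encrypted": sorted(k[1] for k in encrypted if k not in notes),
        "affected_dirs": sorted({os.path.relpath(k[0], root) for k in encrypted}),
        "notes_with_phrase": sum(
            NOTE_PHRASE in p.read_text(errors="replace") for p in notes.values()),
    }


def build_sample_tree(root):
    """Constructed sample data (hypothetical, not from the incident): a 'docs'
    folder after the renaming pattern, a clean file, and one stray .locked
    file in the root that has no matching note."""
    root = Path(root)
    docs = root / "docs"
    docs.mkdir()
    for stem in ("PGAChampionship", "RyderCup"):
        (docs / f"{stem}{ENCRYPTED_SUFFIX}").write_bytes(b"\x00encrypted-blob\x00")
        (docs / f"{stem}{NOTE_SUFFIX}").write_text(f"{NOTE_PHRASE}... All files encrypted.")
    (docs / "untouched.txt").write_text("clean")
    (root / f"schedule{ENCRYPTED_SUFFIX}").write_bytes(b"\x00encrypted-blob\x00")


def demo():
    """Build the sample tree in a temp dir and scan it; returns the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_for_bitpaymer_markers(tmp)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real share the same walk would be pointed at the mounted volume, and the ‘affected_dirs’ list gives the restore-from-backup scope the article’s quoted advice calls for.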
As mentioned before, the ransom demanded in the PGA attack is unknown; however, recent BitPaymer attacks have demanded ransoms of as much as 53 bitcoins. Translated to U.S. dollars, this would be roughly $350,000.
Fortunately for golf fans, ransomware attacks don’t affect the physical game of golf. While the attack is certainly causing headaches for employees around the PGA, the PGA Championship is being played as scheduled, and we will be able to watch Tiger on the quest for his 15th major championship.