Ransomware Hackers Target the PGA

Ransomware hackers have struck again, this time targeting the PGA of America’s computer servers and locking staff out of crucial files. The hack comes at an especially bad time for the PGA due to this week’s PGA Championship at Bellerive Country Club and the upcoming Ryder Cup in France.

Staff realized on the morning of August 7th that their systems had been compromised when they received this message while trying to open their files: “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm.” The hackers warned that any attempt to break the encryption could cause the loss of all work and make certain files impossible to recover.

The hacked files contained creative materials for the PGA Championship at Bellerive and next month’s Ryder Cup in France, including promotional banners and logos used in digital and print communications, and on digital signage around the grounds at the tournaments. The stolen files also include logos for future PGA Championships. Some of the work began more than a year ago and cannot be easily replicated.

Although they have not asked for money yet, the hackers made clear that their goal was extortion. They wrote, “We exclusively have decryption software for your situation. No decryption software is available in the public.”

The hackers provided an encrypted email address and offered to recover two files, likely to prove that they were able to decrypt the files. They also provided a Bitcoin wallet address, but have not demanded a specific ransom amount. Unfortunately, Bitcoin wallets are not linked to specific individuals, so they cannot be used to identify any suspects.

The PGA of America does not intend to meet any extortion demand, but the organization’s IT team has not regained complete control of the files or identified the source of the hack.

It’s not believed that the hacking has yet impacted the PGA Championship, and outside IT experts have been brought in to ensure the tournament is unaffected.

Cyberattacks like this, in which hackers gain access to sensitive files, encrypt them and then ask for payment, are known as ransomware. Such attacks have become more common in recent years, and ransomware hackers typically request cryptocurrency, often Bitcoin, which is difficult for authorities to trace. Many cybercriminals use programs that automatically look for vulnerable systems to attack in the hopes of making small amounts of money from many victims.

The PGA appeared to be specifically targeted, and the attack explicitly timed to a major event, indicating that the association could be dealing with a particularly difficult situation.

Hindsight is 20/20, but if the PGA had proper backups in place, this situation would have been easily and quickly handled. This tricky situation serves as yet another reminder of the importance of secure networks, proper backups, and a trustworthy IT team.
