Professional Golfers’ Association hit by ransomware days before championship

Mere days before the Professional Golfers’ Association Championship at the Bellerive Country Club this week, hackers took control of the PGA’s servers and encrypted promotional materials to be used in the competition.

“Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm [sic],” read the message greeting PGA staff as they sat down in front of their computer screens Tuesday morning, according to Golfweek.

“Any attempt to break the encryption could cause the loss of all of the work,” the message warned. “This may lead to the impossibility of recovery of certain files.”

While not catastrophic, the infection locked up creative materials for the Bellerive championship, as well as development work for next month’s Ryder Cup hosted in France. The files included extensive promotional banners and logos used in digital and print communications, as well as files to be used on digital signage at Bellerive.

Some of the encrypted files included a year’s worth of development and cannot be easily replicated, a source who wished to remain anonymous reportedly said.

The hackers referred to themselves as “honest” and offered to decrypt two files of the PGA’s choice upon request, as proof that they hold the decryption keys. The attack appears sloppy in nature, as the hackers forgot to demand an actual ransom, despite leaving their Bitcoin wallet’s address in the message. Also, based on the poor English in the ransom note, Bleeping Computer speculates that attackers used the BitPaymer ransomware strain to infect the PGA’s systems.

The PGA has employed a team of experts to try to regain control of its data without paying the hackers. The association said it had no intention of giving in to the ransom demand, and that it would not say anything official before the investigation is closed.

This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta.