Golf association PGA reportedly hit by ransomware

The Professional Golfers' Association of America’s (PGA) computer networks have been infected with ransomware days before a major golfing tournament was set to commence. 

According to Golfweek, the PGA discovered on Tuesday that its computers had been compromised, locking up key files needed for the PGA Championship at Bellerive Country Club, which kicked off today, and for the upcoming Ryder Cup in France.

Infected computers displayed a ransom note warning that any attempt to unlock the files “may lead to the impossibility of recovery of certain files.”

“Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm .”

The misspelling of “algorithm” matches the ransom note seen on computers infected with the BitPaymer ransomware, BleepingComputer noted.

The locked PGA files include promotional banners and logos and the digital signage the organization uses at tournaments.

The PGA compromise comes a few weeks after BitPaymer caused chaos for the government of Matanuska-Susitna Borough in Alaska.

BitPaymer has infected numerous organizations since it was discovered in mid-2017. According to security firm ESET, BitPaymer was developed by the makers of the Dridex banking trojan.

The attackers usually target organizations rather than consumers. Their typical way in is to brute-force the passwords of internet-exposed Remote Desktop Protocol (RDP) services and then deliver the malware over the resulting RDP session, so an RDP host reachable from the internet with a guessable password and no lockout policy is all the foothold they need.
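The RDP brute-forcing described above leaves a characteristic trail in the Windows Security log: a burst of failed logons (Event ID 4625 with Logon Type 10, RemoteInteractive) from one source address against several account names, often followed by a successful logon (Event ID 4624) from that same address once a password lands. The script below is an added example written for this page, not code from the article or from any vendor it cites. It runs over a constructed, flattened set of sample events; the flat field layout, the addresses and the account names are assumptions made for the example, since real events arrive as XML from the Security channel.

```python
"""Spot RDP password brute-forcing in Windows Security log events.

Added example, not code from the article or from any vendor it cites.
The input is a constructed, flattened rendering of Security events; the
field layout (timestamp, event ID, logon type, source IP, account) is an
assumption made for this example. Real events come from the Security
channel (Event ID 4625 = failed logon, 4624 = successful logon; Logon
Type 10 = RemoteInteractive, i.e. RDP) and carry these fields in XML.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a burst of failed RDP logons against several accounts
# from one external address, followed by a success from that address; a user
# who mistypes a password twice; and a console (logon type 2) kiosk loop that
# is noisy but is not RDP and must not fire the rule.
SAMPLE_EVENTS = """\
2018-08-07T02:14:01Z 4625 10 203.0.113.45 administrator
2018-08-07T02:14:09Z 4625 10 203.0.113.45 administrator
2018-08-07T02:14:20Z 4625 10 203.0.113.45 admin
2018-08-07T02:14:31Z 4625 10 203.0.113.45 pga-svc
2018-08-07T02:14:44Z 4625 10 203.0.113.45 backup
2018-08-07T02:15:02Z 4625 10 203.0.113.45 administrator
2018-08-07T02:15:15Z 4624 10 203.0.113.45 administrator
2018-08-07T08:03:10Z 4625 10 198.51.100.7 jsmith
2018-08-07T08:03:40Z 4625 10 198.51.100.7 jsmith
2018-08-07T08:04:01Z 4624 10 198.51.100.7 jsmith
2018-08-07T09:00:00Z 4625 2 10.0.0.5 kiosk
2018-08-07T09:00:01Z 4625 2 10.0.0.5 kiosk
2018-08-07T09:00:02Z 4625 2 10.0.0.5 kiosk
2018-08-07T09:00:03Z 4625 2 10.0.0.5 kiosk
2018-08-07T09:00:04Z 4625 2 10.0.0.5 kiosk
2018-08-07T09:00:05Z 4625 2 10.0.0.5 kiosk
"""


def parse_events(text):
    """Parse one flattened event per line into dicts with typed fields."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, logon_type, src_ip, account = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "src_ip": src_ip,
            "account": account.lower(),
        })
    return events


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {src_ip: summary} for sources with at least `threshold` failed
    RDP logons inside any `window`, noting whether the same source logged on
    successfully afterwards (the pattern that precedes a hands-on deployment)."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in events:
        if e["logon_type"] != 10:        # only RemoteInteractive (RDP) logons
            continue
        if e["event_id"] == 4625:
            failures[e["src_ip"]].append(e)
        elif e["event_id"] == 4624:
            successes[e["src_ip"]].append(e)

    alerts = {}
    for src_ip, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # slide the window so fails[start:end+1] spans at most `window`
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_start = fails[start]["ts"]
                alerts[src_ip] = {
                    "failures": len(fails),
                    "accounts": sorted({f["account"] for f in fails}),
                    "first_failure": burst_start,
                    "success_after_failures": any(
                        s["ts"] >= burst_start for s in successes.get(src_ip, [])
                    ),
                }
                break
    return alerts


if __name__ == "__main__":
    for src_ip, info in find_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(f"{src_ip}: {info['failures']} failed RDP logons against "
              f"{info['accounts']}, success afterwards: {info['success_after_failures']}")
```

On the sample data only 203.0.113.45 fires: six failures across four account names in about a minute, then a successful logon from the same address, which is the moment to treat the host as compromised rather than merely probed. The two-failure user and the console kiosk loop stay quiet. The threshold and window are the knobs to tune against a real environment; the detection is the complement of, not a substitute for, keeping RDP off the internet and enforcing lockout or MFA on the accounts that can reach it.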

If the PGA is indeed infected with BitPaymer, it could struggle to recover the files, depending on how they were backed up. The head of IT at Matanuska-Susitna Borough reported that backups helped restore some systems, while its Exchange email system was completely unrecoverable.

The borough is holding on to the encrypted files in the hope that the FBI, or someone else, eventually finds a way to decrypt them. Europol's No More Ransom project hosts a collection of decryption tools, but it has none for BitPaymer.

The borough also believes the ransomware was triggered to spread automatically across its network after its antivirus began detecting and removing the Emotet banking trojan from infected computers, and that the ransomware's purpose was to destroy evidence that might have been uncovered during the investigation.

Golfweek noted that the ransom message the PGA received included a bitcoin wallet address but did not demand a specific amount of money.

Last year, BitPaymer's attackers were known to demand up to 53 Bitcoin, which today is worth about $300,000.


Tags: ransomware, BitPaymer



Stories by Liam Tung
