With the rise of the Internet came digital attacks. That was to be expected, considering how large cyberspace has become and how much now relies upon it. And con artists never stop; they are always looking for new sources of revenue. Now they have turned their eyes towards the PGA of America servers, and they did so just before the official August 9 start of the PGA Championship in Missouri. They used the BitPaymer ransomware in their attack, encrypting PGA’s important data, and it’s not dollars or euros they’re after: they want to be paid in Bitcoins.
Per Golfweek, the compromised files include “extensive promotional banner and logos used in digital and print communications,” as well as “development work on logos for future PGA Championships” and data on the upcoming Ryder Cup in France. Some of that work began over a year ago and could not be replicated easily. What’s interesting here is that the cybercriminals provided a Bitcoin address for the payment but did not specify the amount. The ransom note left by the threat says “your network has been penetrated” and “all files on each host in the network have been encrypted with a strong algorythm [sic].” So far, PGA has not commented on whether it attempted to get in contact with the people behind the virus or whether it was able to learn the sum demanded.
According to inside sources, the organization has no plans to pay the attackers and intends to bring in outside experts to deal with the problem. Whether those efforts will bear fruit remains to be seen, as there are types of ransomware for which no decryption tools have yet been developed; in that case the only way to regain access to encrypted data is to restore it from backup. Nevertheless, there won’t be any delays to the start of the tournament, and everything will commence as planned.
As for the BitPaymer virus itself, it has been roaming the Internet for a while, but it had not previously been used to carry out such high-profile attacks. However, it has seen a moderate rise in activity in recent weeks, so it’s possible that con artists have changed their outlook on it. The reason for that isn’t known yet. This ransomware, like SamSam, breaks into Remote Desktop Services that are exposed to the Internet. Once it has done so, it attacks the computers on that network and encrypts the files stored on them.
The threat can be recognized by the “.locked” extension it appends to the files it compromises, and by ransom notes that take the name of each encrypted file with “.readme_txt” added to it. That means the note accompanying an image called “schedule.jpg” would be named “schedule.jpg.readme_txt”. Even though the amount to be paid wasn’t provided to PGA, BitPaymer ransoms are known to be exceptionally high. In one past case it cost 53 Bitcoins (approximately $350,000 USD) to decrypt a network affected by it, and that is just one example.
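As an added example (not part of the original article), the following Python triage script turns the naming pattern just described into a defender-side check: it walks a directory tree, counts files carrying the “.locked” extension, pairs each “.readme_txt” note with the file it refers to, and flags notes whose original file is missing. The sample directory layout it builds is constructed for the demo; the suffixes are the ones named in the text.

```python
"""Triage scanner for the BitPaymer-style file-naming pattern (added example)."""
import os
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".locked"      # extension appended to encrypted files
NOTE_SUFFIX = ".readme_txt"    # appended to the original name for each ransom note


def scan_tree(root):
    """Return (encrypted_files, notes, orphan_notes) found under root."""
    encrypted, notes, orphans = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            path = str(Path(dirpath) / name)
            if name.endswith(LOCKED_SUFFIX):
                encrypted.append(path)
            elif name.endswith(NOTE_SUFFIX):
                original = name[: -len(NOTE_SUFFIX)]
                notes.append(path)
                # A note whose original file is present neither in clear nor
                # as a .locked copy is still an indicator worth flagging.
                if original not in names and original + LOCKED_SUFFIX not in names:
                    orphans.append(path)
    return encrypted, notes, orphans


def build_sample_tree(root):
    """Construct a small sample tree mimicking an affected share (constructed data)."""
    root = Path(root)
    (root / "marketing").mkdir()
    for name in ("schedule.jpg.locked", "schedule.jpg.readme_txt",
                 "logo.ai.locked", "logo.ai.readme_txt", "notes.txt"):
        (root / "marketing" / name).write_text("x")
    (root / "banner.png.readme_txt").write_text("x")  # note with no matching file


def demo():
    """Build the sample tree, scan it and return the three counts."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        encrypted, notes, orphans = scan_tree(tmp)
        return len(encrypted), len(notes), len(orphans)


if __name__ == "__main__":
    print("encrypted=%d notes=%d orphan_notes=%d" % demo())
```

Run against a real share, the encrypted and orphan counts give incident responders a quick picture of how far the encryption reached before they start restoring from backup.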
No entity seems to be off limits to cybercriminals these days, whether it’s a corporation, a hospital or a governing body. Hackers seem to find a way to bypass safety measures no matter what they’re dealing with, so keeping those measures up to date is essential to make their task more difficult. The most important thing here is not to count on luck and not to treat the possibility of a virus attack lightly. It can happen without any warning and out of nowhere, just as it did with PGA. And if an organization like this can fall victim to ransomware, smaller companies should be on the lookout too.