PGA Computers Hit By Ransomware Infection
As the PGA Championship kicks off at Bellerive today, the Association finds itself with some unpleasant work to do back at the office. Ransomware has infected several computer systems at the PGA of America.
According to a report published by Golfweek — not typically the kind of place you’d expect to see publishing cybersecurity news — the ransomware has encrypted a number of files connected to this weekend’s Championship and other upcoming events. Promotional materials and logos that were created for print and digital advertising have been encrypted, and decryption isn’t an option. Not without paying the ransom, at least.
Bleeping Computer points out similarities between the ransom note left on PGA systems and those created by the BitPaymer ransomware. BitPaymer has been around for some time, but it remains a tough nut to crack. There are no freely available decryption tools and the ransom note makes that quite clear.
The note provided a Bitcoin wallet address and a pair of encrypted email addresses. The amount of the ransom was not specified, but Bleeping Computer mentions a previous BitPaymer attack demanding 53 Bitcoins to restore files. That’s just over $340,000 at the current exchange rate.
In a “show of good faith,” the attackers offered to decrypt two files to prove their decryption system would perform as expected. The PGA of America reportedly will not take the bait and does not intend to pay.
Decryption is just one way that ransomware victims can recover files. Restoring those files from a backup is often a faster and safer way to get the job done. It also doesn’t require interacting with cybercriminals.
While IT staff are still working to restore normal functionality, the Championship itself has not been impacted in any way. The Association will not be issuing any comment until the situation has been resolved.