In golf, the word “hacker” used to refer to a terrible player. But now the term takes on a much worse connotation, after attackers infected the U.S. PGA with ransomware.
The encrypted files include publicity material for the PGA Championship, which officially kicks off today at Bellerive Country Club in Missouri, for the Ryder Cup next month in France, and for other future events. The encrypted data includes promotional banners, logos and digital signage.
Bleeping Computer reported on Wednesday that clues point to the ransomware being BitPaymer, a malware family that typically targets organizations through Internet-connected remote desktop services. A key indicator is the ransom note itself, which states: “Your network has been assaulted. All files on every host on the network have been encrypted with a powerful algorithm.”
Allan Liska, solutions architect and ransomware expert at Recorded Future, agreed with this assessment in emailed comments. “Based on the contents of the ransom note, the PGA Championship appears to have been hit by BitPaymer ransomware, which is the same ransomware that infected the Matanuska-Susitna district (Mat-Su) in Alaska and several hospitals in Scotland last year,” said Liska. “BitPaymer ransomware is believed to be developed by the Dridex team, the same attack group responsible for the Locky ransomware.”
The PGA does not intend to meet the hackers' demands, which were never specified, Golfweek reported, citing an anonymous source. The news outlet also stated that the tournament has not been affected so far, even though the PGA was still trying to regain control of its servers.
“Attacks like these can have an impact by paralyzing services when an organization is not prepared in advance to restore its data. Unfortunately, this has become a common problem, and only strong anti-malware protection combined with a strong backup (and restoration) policy can help,” said Dr. Giovanni Vigna, co-founder and CTO of Lastline and director of the computer science group at the University of California, Santa Barbara. “Interestingly, for this attack no specific amount of money was requested, which could mean that this was more of a denial-of-service attack than actual extortion. Of course, it's also possible that the attackers simply made a mistake.”
