A sophisticated ransomware attack recently allowed hackers to take control over several servers owned by the Professional Golfers' Association (PGA) in the United States, encrypting important data related to the ongoing PGA Championship at Bellerive Country Club and the upcoming Ryder Cup in France.
The attack was discovered by PGA staff when they received threatening messages on their systems while trying to access internal files. Hackers behind the ransomware attack reportedly told PGA staff that their files had been encrypted, that no decryption software was available in the market, and that any attempt to decrypt the files would lead to loss of all encrypted data.
"Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm.
"We exclusively have decryption software for your situation. No decryption software is available in the public," read excerpts from the message left by hackers.
According to Golf Week, files encrypted by hackers included "extensive promotional banners and logos used in digital and print communications" and digital signage that are being used at Bellerive Country Club and will be used at the upcoming Ryder Cup in France.
"The stolen files also include development work on logos for future PGA Championships. Some of the work began more than a year ago and cannot be easily replicated," the site noted, adding that PGA staff had neither regained complete control over their servers till Wednesday morning nor been able to identify hackers behind the ransomware attack.
A PGA source told Golf Week that the PGA did not intend to pay ransom to the hackers, but the organisation is yet to release a statement on the ransomware attack as it is an ongoing situation. Fortunately, the ransomware attack hasn't affected the ongoing PGA Championship at Bellerive Country Club.
Commenting on the successful ransomware attack on PGA's servers in the United States, Barry Shteiman, VP of research and innovation at Exabeam, told SC Magazine UK that "the best way for organisations to fight ransomware attacks is for their cyber-security teams to understand the business models used by ransomware network operators, the kill chain of a ransomware attack and how to detect and disrupt ransomware in corporate environments".
However, Shteiman has a slightly different take on the question of paying ransom to criminals compared to a vast majority of researchers who absolutely shun the idea.
"While many security experts warn about paying ransoms or entering into negotiations, the answer in reality comes down to simple economics. If the downtime caused by data being unavailable, or by the backup restoration process is more expensive than paying the ransom, then organisations should pay," he says.
"Equally, if giving up on the encrypted data has a higher cost in lost revenue or intellectual property than remediation, then you can also see why an organisation would pay the ransom. Of course, this is a last resort, if all other options have been exhausted," he adds.