PGA of America servers are locked by ransomware

After breaking into PGA's servers, hackers encrypt data and demand a ransom

PGA faces the cruelty of a serious malware infection. PGA servers hacked and important data corrupted by a ransomware-type virus.

Several days ago, the PGA (the Professional Golfers' Association of America)[1] noticed a brutal attack against its servers. When trying to access some files, employees spotted ransom notes saying: “All your files have been encrypted!”[2] This is a typical message showing that a computer is infected with ransomware. Such viruses encrypt victims' valuable data using a unique encryption key that cannot be obtained without connecting to the attackers' servers. The decryption key is handed over on one condition: the demanded price must be transferred to the ransomware developers.

The ransom note displayed on PGA's computers provides a Bitcoin wallet number[3] and an email address to be used for making contact and paying the demanded price. As evidence that the promise to decrypt data will be fulfilled, the cybercriminals offer to unlock two files for free. However, it is known that the PGA did not fall for that trick and stayed away from such contact.

BitPaymer is said to be the cause of encrypted data

According to some speculations, the virus the PGA is dealing with is the infamous BitPaymer ransomware. Several reports have revealed that the malware has corrupted files such as various PGA logos and banners created for upcoming championships. These logos had been in development for over a year.

Even though the hackers took control of the servers, the PGA is trying to get back to normal operation. However, the association is still struggling to restore its valuable information and servers to their original state[4].

Hackers responsible for the attack can hardly be caught

As already mentioned, the crooks provided a specific Bitcoin wallet for transferring the money. However, it is still unknown whether cybersecurity experts will be able to find the owners of this wallet.

Since the beginning of ransomware attacks, crooks have mostly relied on cryptocurrencies such as Monero, Bitcoin, and similar. They do so to keep all the transfers safe and secret, as no personal details are required. This is the main reason why money losses are so common in ransomware attacks.

Ransomware attacks have become a common occurrence

Ransomware viruses have become a widely known plague that attacks businesses and their servers worldwide. The Internet is full of announcements about numerous hospitals, corporations, big companies, and even cities affected by crypto viruses and suffering great losses.

Prevention is strongly advised, as ransomware can cause serious damage to its victims. Every single computer user should download and install antivirus protection. Furthermore, instructing employees on safe browsing practices and the potential dangers of dealing with spam should be a priority for every company. Finally, all important data should be saved to cloud storage, external hard drives, and similar devices that are kept disconnected to prevent its corruption.

About the author
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

