CIO

Golf association PGA reportedly hit by ransomware

  • Liam Tung (CSO Online)
  • 09 August, 2018 23:03

The Professional Golfers' Association of America’s (PGA) computer networks have been infected with ransomware days before a major golfing tournament was set to commence. 

According to Golfweek, the PGA discovered on Tuesday that its computers had been compromised, locking up key files needed for the PGA Championship at Bellerive Country Club, which kicked off today, and for the upcoming Ryder Cup in France.

Infected computers were left with a message warning that any attempt to unlock the files “may lead to the impossibility of recovery of certain files.”

“Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm .”

The misspelling of the word “algorithm” is the same error seen on computers infected with the BitPaymer ransomware, BleepingComputer noted.

The locked PGA files include its promotional banners and logos, and the digital signage it uses for tournaments.

The PGA compromise comes a few weeks after BitPaymer caused chaos for the government of Matanuska-Susitna Borough in Alaska.

BitPaymer has infected numerous organizations since it was discovered in mid-2017. According to security firm ESET, BitPaymer was developed by the makers of the Dridex banking trojan.

The attackers usually target organizations rather than consumers, and deliver the malware over Remote Desktop Protocol (RDP) using ‘brute forced’ passwords.

If the PGA is indeed infected with BitPaymer, it could face difficulties recovering the files, depending on how it backed them up. The head of IT at the Matanuska-Susitna Borough government reported that backups helped save some systems, while its Exchange email system was completely unrecoverable.

The government organization is holding on to the encrypted files in the hope that the FBI may be able to recover them if someone discovers a way to decrypt them. Europol's "no more ransomware" project hosts a collection of decryption tools, but it doesn't have one for BitPaymer.

The borough also believes the ransomware was set to spread automatically across its network once its antivirus began detecting and removing Emotet banking trojan infections. The organization believed the ransomware’s purpose was to destroy evidence that might have been discovered during the investigation.

Golfweek noted that the ransom message the PGA received included a bitcoin wallet address but did not demand a specific amount of money.

Last year, BitPaymer's attackers were known to demand up to 53 Bitcoin, which today is worth about $300,000.