The Professional Golfers Association (PGA) of America has been hit with ransomware, with cybercriminals demanding a payment in bitcoin to a specific wallet address. According to Cryptovest, the message read, “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm.” The message also included the typical warning not to attempt to break the encryption themselves or they would lose all of their data.
Although the affected system contained all of the creative media needed to market the association’s entry into the Ryder Cup, sources say that the PGA does not plan to meet the demands. There are also reports that the association’s IT staff has been unsuccessful so far in recovering the files.
A similar attack hit the city of Atlanta earlier this year. While the ransom demand in that case was about $51,000, the city spent more than $2 million trying to correct the situation. The ransomware caused Atlanta’s courthouse documents, and services like payment processing, to become inaccessible.
Baltimore was also hacked, with criminals able to break into the city’s dispatch system that supports emergency calls. Baltimore CIO Frank Johnson called the hack a “limited breach.”
And last year, a virus shut down the entire network of a county in Ohio, including that of the local police force. It’s unknown if the city paid or tried to pay the ransom, but the affected services are still not completely up and running. In addition, the attackers took down the communications portal that would have been used to pay the fee.
The FBI and other law enforcement agencies usually don’t recommend paying these types of ransoms, since it might encourage attackers to keep committing these cybercrimes. However, not everyone agrees.
“Refusing to pay a ransom is unlikely to demotivate cybercriminals from conducting further attacks, as they will always find someone else to pay,” said Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge.