PGA Championship Hit By Targeted Ransomware Attack

The attackers locked files connected with this week’s PGA Championship and the upcoming Ryder Cup

The Professional Golfer’s Association (PGA) of America is the latest large organisation to be hit by a targeted ransomware attack, ahead of this week’s PGA Championship in Missouri.

Ransomware typically spreads across organisations’ systems or networks and encrypts sensitive files, demanding a ransom to unlock them.

Many variants are launched randomly via junk email messages, but in this case the attack appears to have been targeted specifically at PGA America and timed with this week’s competition.

Files associated with the PGA Championship and the upcoming Ryder Cup in France were locked, according to officials.

The attack was timed with the PGA Championship this week. Credit: PGA America

Years of work lost

The attack surfaced on Tuesday morning when staff found a message from the attackers displayed on their systems.

The message warned that any attempt to decrypt the files could cause them to be permanently deleted.

“We exclusively have decryption software for your situation,” the message said. “No decryption software is available in the public.”

The attackers offered to decrypt sample files in order to prove their “honest intentions”.

The files involved include graphics and display materials for the PGA Championship and the Ryder Cup, including promotional banners and logos for digital and print communications and for digital displays around the competition grounds.

Disruption

The files also included development work on logos for future championships that would be difficult to replicate, according to Golf Week.

The attackers provided an email address and a Bitcoin wallet number, but didn’t specify a ransom amount.

The PGA declined to comment as the situation was ongoing, but said the PGA Championship would not be affected.

Golf Week cited unnamed sources as saying the PGA did not intend to pay the attackers.

The city of Atlanta was disrupted by ransomware earlier this year in an attack carried out by a gang referred to by the name SamSam.

The SamSam group carries out its attacks exclusively through targeted, manual means, and has raked in nearly $6 million (£4.67m) in ransom payments over the past three years, security experts say.

The SamSam ransomware deliberately seeks out and encrypts backups found on the network in order to maximise its damage, researchers said.