Categories: SecurityWorkspace

PGA Championship Hit By Targeted Ransomware Attack

The Professional Golfer’s Association (PGA) of America is the latest large organisation to be hit by a targeted ransomware attack, ahead of this week’s PGA Championship in Missouri.

Ransomware typically spreads across organisations’ systems or networks and encrypts sensitive files, demanding a ransom to unlock them.

Many variants are launched randomly via junk email messages, but in this case the attack appears to have been targeted specifically at PGA America and timed with this week’s competition.

Files associated with the PGA Championship and the upcoming Ryder Cup in France were locked, according to officials.

The attack was timed with the PGA Championship this week. Credit: PGA America

Years of work lost

The attack surfaced on Tuesday morning when staff found a message from the attackers displayed on their systems.

The message warned that any attempt to decrypt the files could cause them to be permanently deleted.

“We exclusively have decryption software for your situation,” the message said. “No decryption software is available in the public.”

The attackers offered to decrypt sample files in order to prove their “honest intentions”.

The files involved include graphics and display materials for the PGA Championship and the Ryder Cup, including promotional banners and logos for digital and print communications and for digital displays around the competition grounds.


The files also included development work on logos for future championships that would be difficult to replicate, according to Golf Week.

The attackers provided an email address and a Bitcoin wallet number, but didn’t specify a ransom amount.

The PGA declined to comment as the situation was ongoing, but said the PGA Championship would not be affected.

Golf Week cited unnamed sources as saying the PGA did not intend to pay the attackers.

The city of Atlanta was disrupted by ransomware earlier this year in an attack carried out by a gang referred to by the name SamSam.

The SamSam group carries out its attacks exclusively through targeted, manual means, and has raked in nearly $6 million (£4.67m) in ransom payments over the past three years, security experts say.

The SamSam ransomware deliberately seeks out and encrypts backups found on the network in order to maximise its damage, researchers said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Increases Concessions, Amid CMA Oversight Of Cookie Removal

Google expands data pledges to address concerns of British competition regulator, overseeing tech giant's removal…

23 hours ago

India Moves To Ban Private Cryptocurrencies

India is to launch its own official digital currency, but will also ban private cryptocurrencies…

1 day ago

Google To Pay Millions To Ireland In Back Taxes

Google is to pay £183m in back taxes to the Irish government, in line with…

1 day ago

Orange CEO Resigns After Court Conviction

Stephane Richard steps down from his CEO and chairman positions of French mobile giant Orange,…

2 days ago

Apple To Use Own iPhone 5G Modem Design In 2023 – Report

Bad news Qualcomm. Team up with TSMC will see Apple utilise its own 5G modems…

2 days ago