The attack was timed with the PGA Championship this week. Credit: PGA America
The Professional Golfer’s Association (PGA) of America is the latest large organisation to be hit by a targeted ransomware attack, ahead of this week’s PGA Championship in Missouri.
Ransomware typically spreads across organisations’ systems or networks and encrypts sensitive files, demanding a ransom to unlock them.
Many variants are launched randomly via junk email messages, but in this case the attack appears to have been targeted specifically at PGA America and timed with this week’s competition.
Files associated with the PGA Championship and the upcoming Ryder Cup in France were locked, according to officials.
The attack surfaced on Tuesday morning when staff found a message from the attackers displayed on their systems.
The message warned that any attempt to decrypt the files could cause them to be permanently deleted.
“We exclusively have decryption software for your situation,” the message said. “No decryption software is available in the public.”
The attackers offered to decrypt sample files in order to prove their “honest intentions”.
The files involved include graphics and display materials for the PGA Championship and the Ryder Cup, including promotional banners and logos for digital and print communications and for digital displays around the competition grounds.
The files also included development work on logos for future championships that would be difficult to replicate, according to Golf Week.
The attackers provided an email address and a Bitcoin wallet number, but didn’t specify a ransom amount.
The PGA declined to comment as the situation was ongoing, but said the PGA Championship would not be affected.
Golf Week cited unnamed sources as saying the PGA did not intend to pay the attackers.
The city of Atlanta was disrupted by ransomware earlier this year in an attack carried out by a gang referred to by the name SamSam.
The SamSam group carries out its attacks exclusively through targeted, manual means, and has raked in nearly $6 million (£4.67m) in ransom payments over the past three years, security experts say.
The SamSam ransomware deliberately seeks out and encrypts backups found on the network in order to maximise its damage, researchers said.
AI push sees Alphabet's Google saying it will consolidate its AI teams in its Research…
Beijing orders Apple to pull Meta's WhatsApp and Threads from its Chinese App Store over…
Key milestone sees Intel Foundry assemble ASML's new “High NA EUV” lithography tool, to begin…
Oracle's huge AI, Cloud investment in Japan will meet growing local demand and address digital…
People who create sexually explicit ‘deepfakes’ of adults will face prosecution under a new law…
Protest at cloud contract with Israel results in staff firings, in addition to layoffs of…