Hackers Infect PGA Computers with Ransomware, Demand Bitcoin Payment

PGA of America computers were infected this week with a strain of malicious software that locked down critical files and demanded cryptocurrency for their return.

Officials discovered on Tuesday that servers had been targeted in a ransomware attack that blocked them from obtaining access to material relating to major golf tournaments, including this week's PGA Championship at Bellerive Country Club. Some signage had been in development for over a year and could not be reproduced quickly, Golfweek reported.

The extortion threat was clear: Transfer bitcoin to the hackers or lose the files forever. "Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm (sic)," a ransom read. "Backups were either encrypted or deleted or backup disks were formatted." The note claimed shutting down the system may damage files.

The notice included a bitcoin wallet number—where funds could be sent—and a warning that there was no way to get access to the files without a decryption key. The hackers that said they would prove their "honest intentions" to the PGA of America by unlocking two files free-of-charge.

PGA hacked
Matthew Fitzpatrick of England checks his yardage book during a practice round before the 2018 PGA Championship at Bellerive Country Club on August 8, in St Louis. Computers holding information for this week’s PGA Championship at Bellerive Country Club were hit in a malware attack. Sam Greenwood/Getty Images

A source who asked not to be named told Golfweek that officials had no intention of paying the ransom demand—following the advice of most law enforcement officials and cybersecurity experts. The network remained locked on Wednesday and external researchers are still investigating.

PGA of America has declined to comment.

The golfing association did not reveal what ransomware infected its computers. But tech website Bleeping Computer found the demand matched the BitPaymer variant. Researcher Lawrence Abrams said one previous extortion scheme asked for 53 bitcoins, equivalent to $335,000.

Abrams described BitPaymer as a "secure ransomware" and said the PGA would either have to rely on backups to regain access to its files or pay the significant bitcoin demand. The FBI has previously urged all ransomware victims to report their incidents to U.S. law enforcement.

The federal agency's cybercrime experts advise against giving the hackers money—but have acknowledged that for many victims the situation will be complicated.

"The FBI does not support paying a ransom to the adversary," its Internet Crime Complaint Center said in a release published September 2016.

"Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom.... While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers."

In February of the same year, a hospital in Los Angeles paid $17,000 to hackers who had infected its computers with ransomware and locked down critical systems. In May 2017, a strain now known as "WannaCry" spread across the world, wreaking havoc on more than 200,000 victims.

In most cases, the hijacked files are returned. After all, it's good for business.

Tiger Woods
Tiger Woods continued his 2018 comeback at the BMW Championship first round. Stuart Franklin/Getty Images