PGA of America Infected with Ransomware

According to a GolfWeek report, computers at the PGA of America were infected with ransomware. Based on indicators in the ransom note, the network appears to have been infected with the BitPaymer ransomware variant. This is the same variant that infected the Matanuska-Susitna Borough near Anchorage, Alaska, and other organizations around the country in recent weeks. BitPaymer typically infects targeted networks through remote access services exposed to the internet, such as RDP (Remote Desktop Protocol). The threat actors behind the variant are known to demand large ransom payments to decrypt systems. The NJCCIC recommends that organizations maintain current backups of critical data and systems and keep them stored offline in a secure location. In the event of a ransomware attack, restoring from backups is often the best course of action to ensure the integrity and availability of data. Additionally, organizations are advised to disable all unnecessary ports and services, as they may be used to infect devices and to propagate to other systems on the network. For information on the risks associated with remote access services, please see the NJCCIC post, Remote Access: Open Ports Create Targets of Opportunity, Undue Risk.
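As an added example (not part of the NJCCIC alert), the following PowerShell audit reports a Windows host's Remote Desktop exposure posture, which is the infection path described above: whether RDP is enabled, whether Network Level Authentication is required, whether anything is listening on TCP 3389, and whether the built-in "Remote Desktop" firewall rules accept connections from any address. It assumes Windows PowerShell 5.1 or later with the NetSecurity module (Windows 8 / Server 2012 and newer) and local administrator rights.

```powershell
# Added example, not from the NJCCIC alert. Audits a single Windows host's RDP exposure.
# Assumes Windows PowerShell 5.1+ with the NetSecurity module and local admin rights.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 1 means Remote Desktop is disabled on this host.
$rdpEnabled  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means Network Level Authentication is required before a session starts.
$nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1

# Enabled inbound rules in the built-in "Remote Desktop" firewall group.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True `
            -ErrorAction SilentlyContinue
# A rule whose remote address scope is 'Any' accepts every source, including the internet if the
# host is reachable there; scoping it to management subnets or a VPN range narrows the exposure.
$openToAny = $rdpRules | Where-Object {
    ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
}

# Is anything actually listening on the RDP port right now?
$listening = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue

# Summarise the finding in order of severity.
if ($rdpEnabled -and $openToAny) {
    $finding = 'RDP reachable from any address; restrict source scope or disable if not needed'
} elseif ($rdpEnabled -and -not $nlaRequired) {
    $finding = 'RDP enabled without NLA; require Network Level Authentication'
} elseif ($rdpEnabled) {
    $finding = 'RDP enabled; confirm business need and source restrictions'
} else {
    $finding = 'RDP disabled'
}

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    RdpEnabled          = $rdpEnabled
    NlaRequired         = $nlaRequired
    ListeningOn3389     = [bool]$listening
    InboundRulesEnabled = @($rdpRules).Count
    RulesOpenToAny      = @($openToAny).Count
    Finding             = $finding
}
```

Run it across a fleet with Invoke-Command to build an inventory of hosts where RDP should be disabled or restricted to a VPN or management subnet.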
