This article is more than 1 year old

Oh, fore putt's sake: Golf org PGA bunkered up by ransomware attack just days before tournament

That's rough, bet they were well teed off – crooks want Bitcoin

The Professional Golfers' Association of America (PGA) was hit by ransomware just before one of the sport's biggest pro events, which teed off on Thursday.

Scrambled files on its infected computers include "creative materials" for this week's PGA Championship as well as next month's Ryder Cup, Golf Week reported.

The software nasty struck on Tuesday, August 7, demanding the association transfer crypto-coins into a given Bitcoin wallet to restore the encrypted documents. The malware's masterminds reportedly offered to decrypt two files for free as a confidence building measures.

Online speculation suggests the ransomware may be a strain of BitPaymer, however, this remains unconfirmed. BitPaymer recently hit the offices of a number of US municipalities including in the Alaskan region of Matanuska-Susitna, whose workers were forced to fall back on typewriters after their computers became unusable.

A spokesperson for the PGA told The Register today: "This is an ongoing situation, so we have no comment."


BitPaymer infects Windows PCs, and typically spreads by brute-forcing its way into machines via RDP services. It was first spotted in July 2017, and became widely known after hitting Scottish hospitals a month later.

Allan Liska, senior security architect at threat intel biz Recorded Future, said that based on the ransom note, BitPaymer seems the most likely culprit.

The ransomware is believed to have been developed by the Dridex team, the same group responsible for the Locky ransomware, Liska added. "Unlike Locky, which was primarily delivered via phishing attacks, BitPaymer is generally delivered as part of an exploitation campaign, most often initiated through internet-facing RDP servers," he said. "The Dridex team will either exploit unpatched RDP systems or brute force common username/password combinations."

Recovering from BitPaymer attacks is difficult, Liska added.

"At this time, there is no way to decrypt files encrypted by BitPaymer without paying the ransom, so files need to be restored from backups," he warned. "The best defense against BitPaymer is to scan your internet-facing systems to ensure there are no publicly accessible RDP servers and to ensure that antivirus and advanced endpoint protection is up to date." ®

More about


Send us news

Other stories you might like