Cybersecurity Alert: PGA Ransomware Attack Shows Troubling New Hacking Trend

8/15/2018

Fore! Hackers may be trying to disrupt international golf tournaments.

Earlier this month, reporters from Golfweek magazine reported that cybercrooks had penetrated the systems of the Professional Golf Association (PGA) and were holding data ransom on the eve of two major international tournaments: The PGA Championship in the U.S., and the Ryder Cup in France. Per Golfweek, the PGA breach was a basic ransomware attack, meaning cybercriminals penetrated the organization’s servers, encrypted important files and demanded payment to unlock them.

Golfweek reported that targeted files contained creative materials for the PGA Championship and Ryder Cup, including “extensive promotional banners and logos used in digital and print communications, and on digital signage… stolen files also include development work on logos for future PGA Championships.”

While the PGA pledged not to pay the cyber-attackers, surely the organization’s operations face disruption during an important period of business. Beyond technical considerations vexing the PGA’s IT team (hackers claim “No decryption software is available in the public”), design work on some signage started more than a year ago and cannot easily be replicated.

Last year, we called ransomware “today’s biggest cyber-threat” and the PGA incident suggests the situation is worsening along new dimensions. Past attacks – such as Bad Rabbit, WannaCry and Petya – seemed to target large entities involved in critical industries, such as healthcare or public utilities. Moreover, the focus of incursions appeared mostly to be overseas, especially in Europe. Well, along with cybercrooks pursuing a greater variety of companies in larger numbers here in the U.S., the PGA occurrence indicates timing has become a factor, too.

In short, bad guys may be planning to hit you during your best opportunities to grow your revenue, reputation or other valuable aspect of your business. So, we feel reiterating basic ransomware countermeasures is timely:

  1. Increase Cybersecurity Awareness and Education Programs -- Key tips for your users:
    • Never open email attachments from unknown senders or sources
    • Avoid enabling macros from any email attachments
    • Never click on web links embedded in unsolicited emails
    • Keep pace with “phishing lures” that use brand names and other common language
  2. Implement a “White List” -- Don’t just blacklist websites known to carry malicious programs. Develop a “white list,” too. White lists point users to websites known to be secure.
  3. Manage Permissions -- Should every employee have the authority to download software applications through company networks on company-owned and/or managed devices? Probably not. Restricting permission levels can prevent malware like ransomware from running or spreading quickly.
  4. Deceive the Deceivers -- There’s a new class of security technology emerging called “deception tools.” These systems bait ransomware attackers with false data on decoy networks. Malware goes to work encrypting bogus information, keeping it away from real devices and data and giving cyber-monitors the chance to detect intrusions before damage is done.
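
The decoy idea in item 4, narrowed to bait files on a single host, can be sketched as follows. This is an added example, not code from any deception product; the file names, the 7.5 bits-per-byte entropy threshold and the function names are assumptions made for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Constructed decoy names; a real deployment would mimic local naming habits.
DECOY_NAMES = ["2019_logo_drafts.txt", "signage_contracts.txt", "payroll_q3.txt"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def plant_decoys(directory: Path) -> dict:
    """Write bait files and return a baseline of {path: sha256}."""
    baseline = {}
    for name in DECOY_NAMES:
        path = directory / name
        body = (f"Decoy document {name}\n" * 200).encode()
        path.write_bytes(body)
        baseline[str(path)] = hashlib.sha256(body).hexdigest()
    return baseline


def check_decoys(baseline: dict) -> list:
    """Compare decoys to the baseline; any change is an alert because no
    legitimate user or process has a reason to touch these files."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing-or-renamed"))
            continue
        data = Path(path).read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            kind = "encrypted-looking" if shannon_entropy(data) > 7.5 else "modified"
            alerts.append((path, kind))
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_decoys(Path(tmp))
        print(check_decoys(baseline))  # untouched decoys produce no alerts
```

Run `check_decoys` on a short interval and route any non-empty result to whoever monitors the network, since a touched decoy is a high-confidence signal with few false positives.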

Leave the Technical Aspects to the Experts
Network protection is a must. Deploy anti-virus / anti-malware and ransomware protection for all endpoints. Ensure your operating system patches are up to date and monitor your network for unwanted intrusions. More and more IT Managed Services Providers (MSPs) are specializing in cybersecurity. Not only can they install and implement measures such as firewalls, they can monitor for intrusions and support recovery from incidents.