After attacking hospitals and other healthcare organizations, government entities, and the cryptocurrency world, hackers now appear to have found a new target for their ransomware: golf.
GolfWeek has reported that PGA of America’s office computers were attacked and infected with ransomware; ransom notes first began to appear on the victims’ computer screens this past Tuesday.
According to the article by GolfWeek, the ransom note read:
“Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm [sic].”
It is believed that the ransomware that infected the PGA of America’s computer systems was the BitPaymer ransomware. This determination was made based on the misspelling of the word “algorithm” in the ransom note. The BitPaymer ransomware was also recently used to infect the computers of a town in Alaska called Matanuska-Susitna.
The BitPaymer ransomware has been on the scene for some time; however, it usually tends to keep its profile pretty low. Over the past few weeks, though, the ransomware has been moderately active.
BitPaymer, much like the SamSam ransomware, seems to target companies by breaching Remote Desktop Services that are connected to the web. After penetrating the network, the ransomware travels through it encrypting all the computers it can access.
More recent variants append the .locked extension to the files they encrypt, and then drop a ransom note for each one that has the exact same name as the encrypted file, except with “.readme_txt” attached.
For instance, a file named test.jpg that has been encrypted would additionally have a ransom note called test.jpg.readme_txt.
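The naming pattern described above can be turned into a file-share sweep for incident triage. The following Python is an added example, not code from the GolfWeek report or from any vendor; it assumes the encrypted file is named `<name>.locked` and its note `<name>.readme_txt`, and the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

ENC_EXT = ".locked"        # extension the article says recent variants append
NOTE_EXT = ".readme_txt"   # per-file ransom note suffix from the article


def find_bitpaymer_pairs(root):
    """Return {directory: [original_name, ...]} for every file that has both
    <name>.locked and <name>.readme_txt beside it (the pairing is an assumption)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}   # Windows names are case-insensitive
        for lower, actual in names.items():
            if not lower.endswith(NOTE_EXT):
                continue
            base = lower[: -len(NOTE_EXT)]
            if base and base + ENC_EXT in names:
                hits.setdefault(dirpath, []).append(actual[: -len(NOTE_EXT)])
    return {d: sorted(v) for d, v in hits.items()}


def triage(root, min_pairs=2):
    """Directories with at least min_pairs matched pairs; a single stray
    .locked file or a lone note is not enough to raise an alert."""
    return {d: v for d, v in find_bitpaymer_pairs(root).items() if len(v) >= min_pairs}


def build_sample_tree():
    """Constructed sample data: one directory showing the pattern, one benign."""
    root = tempfile.mkdtemp(prefix="bp_demo_")
    layout = {
        "share": ["test.jpg.locked", "test.jpg.readme_txt",
                  "budget.xlsx.locked", "budget.xlsx.README_TXT"],
        "benign": ["db.locked", "notes.txt", "orphan.doc.readme_txt"],
    }
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in files:
            open(os.path.join(root, sub, name), "w").close()
    return root


if __name__ == "__main__":
    for directory, originals in triage(build_sample_tree()).items():
        print(directory, originals)
```

Requiring the note and the encrypted file together keeps unrelated `.locked` files, such as application lock files, from triggering on their own.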
The BitPaymer ransomware is also famous for demanding very large sums of money.