BitPaymer ransomware attack may cost the PGA more than 335,500 USD [source: 360totalsecurity]

After hitting companies, government agencies and hospitals, the operators behind BitPaymer ransomware have now attacked the PGA of America.

According to Golfweek, computers in the PGA's offices were infected with ransomware. Staff realized they were under attack on Tuesday, when ransom notes and related information appeared on their screens. The ransom note reads:

“Your network has been infiltrated, and all the files on each host in the network have been encrypted by using a powerful algorithm.”

Based on these strings and the spelling error in "algorithm" in the original note, the PGA is likely infected with BitPaymer ransomware. A similar ransomware attack recently hit the Matanuska-Susitna Borough in Alaska, where the affected offices were forced back to typewriters for up to a week.

As noted above, the wording of the ransom note suggests the PGA has become a target of BitPaymer. BitPaymer has in fact been around for a long time, but it usually keeps a low profile. In the past few weeks there has been a noticeable increase in BitPaymer activity; the recent infection trend is shown in the figure below.

The most recent BitPaymer variant appends the .locked extension to encrypted files and drops a ransom note per file, named after the encrypted file with ".readme_txt" added. For example, after test.jpg is encrypted, a note called "test.jpg.readme_txt" is written next to it. The picture below is an example of a BitPaymer ransom note. Note that the strings in this sample match the strings quoted in the Golfweek article, which is what ties the PGA incident to this family.
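As an added example (not code from 360totalsecurity, Golfweek or the BitPaymer authors), the following Python script turns the naming convention above into a quick triage check an incident responder can run over a file share: it looks for files ending in .locked, for notes ending in .readme_txt that contain the phrase quoted from the ransom note, and for pairs where a .locked file sits next to a note named after its original filename. The mapping test.jpg.locked to test.jpg.readme_txt is an assumption drawn from the page's single example, the marker phrase is matched case-insensitively, and the sample directory tree is constructed inline for demonstration, not real malware artifacts.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the report: ".locked" extension on encrypted files and
# a per-file note named "<original name>.readme_txt".
LOCKED_SUFFIX = ".locked"
NOTE_SUFFIX = ".readme_txt"
# Opening phrase of the ransom note as quoted by Golfweek.
NOTE_MARKER = "your network has been infiltrated"


def note_path_for(encrypted: Path) -> Path:
    """Map test.jpg.locked -> test.jpg.readme_txt.

    Assumption: the note is named after the original file, before ".locked"
    was appended (this is how the page's test.jpg example reads).
    """
    original_name = encrypted.name[: -len(LOCKED_SUFFIX)]
    return encrypted.with_name(original_name + NOTE_SUFFIX)


def note_matches(path: Path) -> bool:
    """True if the file contains the quoted ransom-note phrase (case-insensitive)."""
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return False
    return NOTE_MARKER in text.lower()


def scan(root) -> dict:
    """Walk `root` and collect BitPaymer-style indicators.

    Returns a dict with three sorted lists:
      encrypted: relative paths of *.locked files
      notes:     relative paths of *.readme_txt files containing the marker phrase
      paired:    (encrypted, note) tuples where a matching note sits next to the file
    """
    root = Path(root)
    result = {"encrypted": [], "notes": [], "paired": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if name.endswith(LOCKED_SUFFIX):
                result["encrypted"].append(rel)
                note = note_path_for(path)
                if note.exists() and note_matches(note):
                    result["paired"].append((rel, note.relative_to(root).as_posix()))
            elif name.endswith(NOTE_SUFFIX) and note_matches(path):
                result["notes"].append(rel)
    for key in result:
        result[key].sort()
    return result


def build_sample_tree() -> str:
    """Constructed sample directory for the demo; contents are dummy bytes."""
    root = Path(tempfile.mkdtemp(prefix="bitpaymer_demo_"))
    docs = root / "docs"
    docs.mkdir()
    (docs / "test.jpg.locked").write_bytes(b"\x00" * 32)
    (docs / "test.jpg.readme_txt").write_text(
        "Your network has been infiltrated, and all the files on each host "
        "in the network have been encrypted by using a powerful algorithm.\n"
    )
    (docs / "notes.txt").write_text("ordinary file, nothing to see\n")
    # A .locked file with no accompanying note: reported as encrypted, not paired.
    (root / "unrelated.locked").write_bytes(b"\x01" * 16)
    return str(root)


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for kind, hits in scan(sample_root).items():
        print(f"{kind}: {hits}")
```

The paired list is the strongest signal: a .locked file with a note carrying the quoted phrase next to it. Lone .locked files are weaker, since other tools and other ransomware families also use that extension, so treat them as leads to confirm rather than hits.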
