What In The World Happened?
The files that were held for ransom contained creative materials for the PGA Championship at Bellerive and September’s Ryder Cup in France. They included promotional banners and logos used in their digital and print communications, and on digital signage around the grounds at Bellerive.
The stolen files also included their logo designs for future championships. The work on these began more than a year ago and can’t be easily replicated.
Based on the misspelling of “algorithm,” PGA of America was most likely hit with the BitPaymer ransomware. This is the same type of ransomware that recently affected the Alaskan town of Matanuska-Susitna, forcing them to use typewriters for a week.
BitPaymer typically demands a large ransom. In fact, it has made demands of between roughly $92,000 and $242,000 in Bitcoin for data to be released.
How Could This Hack Have Been Prevented?
Below are the Critical Security Controls which would have prevented the PGA breach. Do you have these controls in place?
If you aren’t sure, our SecurityWerks Assessment will tell you which of these (and the other Top 20 Critical Security Controls) are in place or have not been implemented in your IT system.
Here Are The Specific Security Controls That Would Have Prevented The PGA Breach:
CSC2 – Inventory and Control of Unauthorized Software
CSC3 – Continuous Vulnerability Management
CSC4 – Controlled Use of Administrative Privileges
CSC6 – Security Information Event Monitoring (SIEM)
CSC9 – Hardening of Insecure Ports, Protocols, and Services
CSC14 – Controlled Access Based on the Need to Know
You Need These Security Controls & Our Defense-In-Depth Strategies To Protect Your Organization From Hacking And Other Sophisticated IT Exploits
As you can see, one or two IT security solutions or assessments aren’t enough anymore. You need a complete managed security solution with multiple layers of protection and ongoing assessments.
A Defense-In-Depth approach protects your computer network with a series of layered defensive mechanisms. If one fails, another will thwart the attack. This is necessary today because there are so many types of potential attackers and a large variety of attack mechanisms.
Using a comprehensive strategy with defense-in-depth solutions reduces the risk of a successful and costly attack on your IT network.
Contact us at Spade Technology if you have any questions about these Security Controls and Defense-In-Depth IT Protection before you get hacked. Had the PGA done this, they might have been able to thwart this costly ransomware attack.