Spade Technology: Blog

The PGA Just “Took A Triple Bogey” With A Costly Ransomware Attack

If It’s So Easy To Hack The PGA, How Easy Will It Be To Hack You? (Questions/Answers)

What In The World Happened?


The files that were held for ransom contained creative materials for the PGA Championship at Bellerive and September’s Ryder Cup in France. They included promotional banners and logos used in their digital and print communications, and on digital signage around the grounds at Bellerive.

The stolen files also included their logo designs for future championships. The work on these began more than a year ago and can’t be easily replicated.

BitPaymer Ransomware

Based on the misspelling of “algorithm,” PGA of America was most likely hit with the BitPaymer ransomware. This is the same type of ransomware that recently affected the Alaskan town of Matanuska-Susitna, forcing them to use typewriters for a week.

BitPaymer typically demands a lot of money for ransom. In fact, it has made demands of between roughly $92,000 and $242,000 in Bitcoin for data to be released.

How Could This Hack Have Been Prevented?

Below are the Critical Security Controls that would have prevented the PGA breach. Do you have these controls in place?

If you aren’t sure, our SecurityWerks Assessment will tell you which of these (and the other Top 20 Critical Security Controls) are in place or have not been implemented in your IT system.

Here Are The Specific Security Controls That Would Have Prevented The PGA Breach:

CSC2 – Inventory and Control of Unauthorized Software

  • Ransomware is NOT authorized software and should not have been allowed to install or execute in the environment.
  • Application whitelisting should have been in place to only allow business-needed applications to run.

CSC3 – Continuous Vulnerability Management

  • Known vulnerabilities in the environment should have been closed to prevent remote exploits such as ransomware injection.

CSC4 – Controlled Use of Administrative Privileges

  • Administrative accounts or any account with the ability to install software should be locked down to only named users.
  • Default administrative accounts should never be used.
  • Shared administrative accounts should never be used by multiple administrators.
  • Administrative accounts should require multi-factor authentication to log in.

CSC6 – Security Information Event Monitoring (SIEM)

  • A 24x7x365 Security Operations Center (SOC) should be monitoring remote logins with a SIEM tool for suspicious login activity.
  • Suspicious login activities, such as strange time-of-day logins and location-based logins (from Russia), should receive alerts and be investigated in real time.
  • Any time an administrative account is used to log in, the login should be pre-approved or it should alert the SOC.

CSC9 – Hardening of Insecure Ports, Protocols, and Services

  • Insecure ports, protocols, and services (such as Remote Desktop Protocol) should be locked down or disabled, and not presented to the public Internet.
  • Remote logins should be monitored by the SOC, and only secure, qualified remote access protocols should be used.
  • Remote access should be limited to the geographic regions that users work from.
  • Regions that users do not log in remotely from (such as Russia) should be blocked.
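Taken together, the CSC6 and CSC9 items above amount to rules a SIEM can evaluate on every remote login. The following Python is an added example, not code from Spade Technology or from this post; it assumes a constructed log format and an illustrative list of staff regions, business hours and administrative account names, and returns the reasons each login should alert the SOC.

```python
from dataclasses import dataclass
from datetime import datetime

# Assumptions for illustration (not from the post): staff regions, local business hours, admin accounts, insecure protocols.
ALLOWED_REGIONS = {"US", "FR"}
BUSINESS_HOURS = range(7, 20)                      # 07:00-19:59
ADMIN_ACCOUNTS = {"administrator", "svc_backup"}   # constructed names
INSECURE_PROTOCOLS = {"RDP"}                       # CSC9: should not face the Internet

@dataclass
class Login:
    ts: datetime
    user: str
    region: str
    protocol: str

def parse_line(line: str) -> Login:
    # Constructed format: "<ISO timestamp> user=<name> region=<country> proto=<protocol>"
    ts_text, *pairs = line.split()
    f = dict(pair.split("=", 1) for pair in pairs)
    return Login(datetime.fromisoformat(ts_text), f["user"], f["region"], f["proto"])

def check_login(login: Login) -> list:
    """Return the CSC6/CSC9 reasons this login should alert the SOC (empty if none)."""
    reasons = []
    if login.region not in ALLOWED_REGIONS:
        reasons.append(f"login from {login.region}, a region no user works from")
    if login.ts.hour not in BUSINESS_HOURS:
        reasons.append(f"off-hours login at {login.ts:%H:%M}")
    if login.user.lower() in ADMIN_ACCOUNTS:
        reasons.append("administrative account used for remote login")
    if login.protocol.upper() in INSECURE_PROTOCOLS:
        reasons.append(f"{login.protocol} should be disabled or kept off the public Internet")
    return reasons

def triage(lines) -> list:
    """Return (user, timestamp, reasons) for every login that should alert the SOC."""
    alerts = []
    for login in map(parse_line, lines):
        reasons = check_login(login)
        if reasons:
            alerts.append((login.user, login.ts.isoformat(), reasons))
    return alerts

# Constructed sample log: two benign logins and two that should page the SOC.
SAMPLE_LOG = """\
2018-08-06T09:15:02 user=jdoe region=US proto=VPN
2018-08-06T03:12:44 user=administrator region=RU proto=RDP
2018-08-06T14:40:10 user=mmartin region=FR proto=VPN
2018-08-06T22:05:31 user=svc_backup region=US proto=RDP"""
```

Calling `triage(SAMPLE_LOG.splitlines())` flags only the second and fourth records, with the off-hours Russian RDP login on the administrator account collecting all four reasons.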

CSC14 – Controlled Access Based on the Need to Know

  • Instead of having shared data available to everyone, company data should be inventoried and categorized by department.
  • Only users with a need for data to perform their specific job duties should have access to it.

You Need These Security Controls & Our Defense-In-Depth Strategies To Protect Your Organization From Hacking And Other Sophisticated IT Exploits

As you can see, one or two IT security solutions or assessments aren’t enough anymore. You need a complete managed security solution with multiple layers of protection and ongoing assessments.

A Defense-In-Depth approach protects your computer network with a series of layered defensive mechanisms. If one fails, another will thwart the attack. This is necessary today because there are so many types of potential attackers and a large variety of attack mechanisms.

Using a comprehensive strategy with defense-in-depth solutions reduces the risk of a successful and costly attack on your IT network.

Contact us at Spade Technology if you have any questions about these Security Controls and Defense-In-Depth IT Protection before you get hacked. Had the PGA done this, they may have been able to thwart this costly ransomware attack.

In the meantime, stay on top of the latest news in technology by visiting our Blog.
