After attacking companies, government agencies and hospitals, hackers have now used BitPaymer ransomware to attack the PGA of America.
According to GolfWeek, computers in the PGA’s offices were infected with ransomware. Staff realized they had been attacked on Tuesday, when ransom notes and related information appeared on their screens. The ransom note read:
“Your network has been infiltrated, and all the files on each host in the network have been encrypted by using a powerful algorithm.”
Based on an analysis of these strings and the spelling errors in “algorithm”, the PGA was likely infected with BitPaymer ransomware. A similar ransomware attack recently hit the town of Matanuska-Susitna, Alaska. The infected institutions were forced to use traditional typewriters for up to a week.
As mentioned above, the content of the ransom note suggests that the PGA became a target of BitPaymer ransomware. BitPaymer has been around for a long time but usually keeps a low profile. In the past few weeks there has been some BitPaymer activity; the infections are shown in the following figure.
The most recent variant of BitPaymer ransomware uses .locked as its file extension and drops a ransom note with the same name as the encrypted file, with “.readme_txt” appended. For example, a file named test.jpg will get a ransom note called “test.jpg.readme_txt” after being encrypted. The picture below is an example of a BitPaymer ransom note. Note that the strings in the example match the strings mentioned in the GolfWeek article.
BitPaymer is also known for demanding huge ransoms to decrypt computers. For example, one victim infected with BitPaymer was asked to pay 53 bitcoins to decrypt the entire network. Unfortunately, the PGA has only two options: recover the files from a backup or pay a huge ransom.
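The naming pattern described above can serve as a quick triage check on a file share. The following is an added example, not code from the article or from any vendor tool; it assumes the encrypted copy of test.jpg is named test.jpg.locked, and the function names and confidence levels are hypothetical.

```python
import os
import tempfile

LOCKED_EXT = ".locked"      # encrypted-file extension named in the article
NOTE_EXT = ".readme_txt"    # ransom-note suffix named in the article
NOTE_MARKER = b"your network has been infiltrated"  # phrase quoted from the note

def note_matches(path):
    """True if the note's first 4 KiB contains the quoted phrase."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    # Dropping NUL bytes lets one check cover UTF-16 text (note encoding is an assumption).
    return NOTE_MARKER in head.replace(b"\x00", b"").lower()

def scan(root):
    """Return one finding per original file name that has a .locked or note companion."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}
        bases = {n[:-len(ext)] for n in by_lower for ext in (LOCKED_EXT, NOTE_EXT)
                 if n.endswith(ext) and len(n) > len(ext)}
        for base in sorted(bases):
            locked = base + LOCKED_EXT in by_lower
            note = by_lower.get(base + NOTE_EXT)
            marker = bool(note) and note_matches(os.path.join(dirpath, note))
            if locked and note and marker:
                level = "high"      # pair present and note text matches
            elif (locked and note) or marker:
                level = "medium"    # pair without text match, or matching note alone
            else:
                level = "low"       # a lone .locked or .readme_txt name proves little
            findings.append({"file": os.path.join(dirpath, base), "locked": locked,
                             "note": note is not None, "level": level})
    return findings

def demo():
    """Scan a temporary tree of constructed sample files (not real artifacts)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "test.jpg.locked": b"\x00" * 16,
            "test.jpg.readme_txt": b"Your network has been infiltrated ...",
            "db.lock.locked": b"unrelated application lock file",
            "notes.readme_txt": b"plain project notes",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(f["file"]): f["level"] for f in scan(root)}
```

Only the paired files with matching note text are rated high; the unrelated `.locked` and `.readme_txt` files stay low, which keeps false positives from ordinary lock files out of the top of the list.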
Reminder
If your PC is infected, open “360 Ransomware Decryption Tool” in 360 Total Security’s Tool Box, select the path of the encrypted files, and click scan to decrypt. As the most powerful and efficient ransomware decryption tool in the world, it can recover files encrypted by almost 100 kinds of ransomware.