ARRL pays hackers $1 million to restore systems
The American Radio Relay League (ARRL), the national association for amateur radio, confirms it paid $1 million to regain access to systems that were encrypted in a ransomware attack.
On or around May 15, an unknown threat actor took control of ARRL’s computer systems and obtained the private information of some of its employees, including names, addresses, and Social Security numbers.
In a breach notification, the amateur radio club said it took the affected systems offline, secured its network, and called upon third-party forensic experts to investigate the case.
Three months after the incident, ARRL published a press release with more details of what happened. According to the press release, the threat actor used “a wide variety of payloads affecting everything from desktops and laptops to Windows-based and Linux-based servers.”
Once the threat actor had deployed the ransomware across those systems, it demanded an “exorbitant” ransom in exchange for its decryption tools.
“It was clear they didn’t know and didn’t care that they had attacked a small organization with limited resources. Their ransom demands were dramatically weakened by the fact that they did not have access to any compromising data. It was also clear that they believed ARRL had extensive insurance coverage that would cover a multi-million-dollar ransom payment,” the radio amateur club states.
After days of negotiation, ARRL agreed to pay a $1 million ransom, which was largely covered by its insurance policy. As of today, most computer systems have been restored or are coming back online. ARRL expects it will take two months to fully restore all systems and implement a new infrastructure.
To analyze the incident and advise on future steps, ARRL has established an Information Technology Advisory Committee. The new body will be made up of ARRL employees, board members with extensive IT knowledge, and third-party members from the IT industry.
“Although we are not entirely out of the woods yet and are still working to restore minor servers that serve internal needs (such as various email services like bulk mail and some internal reflectors), we are happy with the progress that has been made and for the incredible dedication of staff and consultants who continue to work together to bring this incident to a successful conclusion,” ARRL concludes its statement.
Who is responsible for the ransomware attack remains unknown. Sources have told news outlets that the Embargo ransomware operation was behind the breach, but that has not been officially confirmed.