cryptocurrency for their return. Officials discovered on Tuesday that servers had been targeted in a ransomware attack that blocked them from accessing material relating to major golf tournaments, including this week's PGA Championship at Bellerive Country Club. Some signage had been in development for over a year and could not be reproduced quickly, Golfweek reported. The extortion threat was clear: transfer bitcoin to the hackers or lose the files forever. "Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm (sic)," the ransom note read. "Backups were either encrypted or deleted or backup disks were formatted." The note claimed that shutting down the system might damage the files. It included a bitcoin wallet address to which funds could be sent, and a warning that there was no way to regain access to the files without the decryption key. The hackers said they would prove their "honest intentions" to the PGA of America by unlocking two files free of charge. A source who asked not to be named told Golfweek that officials had no intention of paying the ransom, following the advice of most law enforcement officials and cybersecurity experts. The network remained locked on Wednesday and external researchers were still investigating. The PGA of America has declined to comment. The golfing association did not reveal which ransomware infected its computers, but the tech website Bleeping Computer found that the demand matched the BitPaymer family. Researcher Lawrence Abrams said one previous BitPaymer extortion scheme asked for 53 bitcoins, equivalent to about $335,000 at the time. Abrams described BitPaymer as a "secure ransomware", meaning that no flaw in its encryption is known that would let victims recover their files without the key, and said the PGA would either have to rely on backups to regain access to its files or pay the significant bitcoin demand.
The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems were infected with the SamSam ransomware on Wednesday, February 21. The agency's IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before reintroducing PCs into its network. DOT officials told local press [1, 2] that crucial systems, such as those managing road surveillance cameras, traffic alerts, and message boards, were not affected. The agency's Twitter feed continued to show traffic alerts after the agency shut down much of its employees' IT network.

Colorado DOT will not pay the ransom

In a rare sign of transparency, officials revealed the name of the ransomware: SamSam. This is the same strain that infected hospitals, city councils, and ICS firms in January. The hackers made over $300,000 from those attacks. One of the victims, an Indiana hospital, agreed to pay a $55,000 ransom demand despite having backups; hospital officials said it was easier and faster to pay the ransom than to restore all of its computers' data from backups. DOT officials said they do not intend to follow suit and will restore from backups instead.

SamSam ransomware making a comeback

SamSam is a ransomware strain deployed by a single group. Infection begins when the attackers gain access to a company's internal network by brute-forcing the passwords of Internet-exposed RDP (Remote Desktop Protocol) logins. They then move laterally to as many computers on the same network as possible and run the SamSam ransomware manually on each one to encrypt files; the encryption is launched by hand rather than by a self-spreading worm, so the damage depends on how far the intruders get before they are noticed. In the recent campaigns, SamSam operators usually asked for a 1 Bitcoin ransom and left a message of "I'm sorry" on victims' computers. The SamSam group was previously active in the winter of 2016 but has come back with new attacks, which have been detailed in reports published by Bleeping Computer, Secureworks, and Cisco Talos.
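Because the SamSam intrusion described above starts with RDP password guessing, the earliest detection opportunity is a burst of failed logons from one source address followed by a success from the same address. The following added example (written for this page, not code from any of the reports cited or from the affected agencies) runs that logic over a handful of constructed Windows Security event records. The flattened key=value record layout is an assumption about how a SIEM might normalise Event IDs 4625 (failed logon) and 4624 (successful logon); the IP addresses, user names and timestamps are invented. One caveat built in: when Network Level Authentication is enabled, failed RDP attempts are recorded with logon type 3 (network) rather than 10 (RemoteInteractive), so filtering on type 10 alone misses the guessing phase.

```python
"""Flag RDP password-guessing bursts and any success that follows them.

Added example. SAMPLE_LOG is constructed; the record format is an assumed
SIEM flattening of Windows Security events, not a real log export.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon type 10 = RemoteInteractive (RDP session). With NLA enabled the
# failed CredSSP pre-authentication is logged as type 3 (network), so both
# are included. Type 3 also covers SMB and other network logons; in
# production, pair this with destination port or process context.
RDP_LOGON_TYPES = {3, 10}
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624

# Constructed records: a normal logon, a 30-second burst of failures from
# 203.0.113.7 cycling through common account names, a success from the same
# address, then an unrelated single failure from an internal host.
SAMPLE_LOG = (
    "2018-02-21T03:00:00Z EventID=4624 LogonType=10 IpAddress=10.1.4.22 TargetUserName=jsmith\n"
    + "".join(
        f"2018-02-21T03:10:{i:02d}Z EventID=4625 LogonType=3 "
        f"IpAddress=203.0.113.7 TargetUserName={user}\n"
        for i, user in enumerate(["administrator", "admin", "backup", "sql", "scan", "test"] * 5)
    )
    + "2018-02-21T03:10:31Z EventID=4624 LogonType=10 IpAddress=203.0.113.7 TargetUserName=backup\n"
    + "2018-02-21T03:12:00Z EventID=4625 LogonType=10 IpAddress=10.1.4.22 TargetUserName=jsmith\n"
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<id>\d+) LogonType=(?P<lt>\d+) "
    r"IpAddress=(?P<ip>\S+) TargetUserName=(?P<user>\S+)$"
)


def parse_line(line):
    """Parse one flattened record into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "id": int(m["id"]),
        "lt": int(m["lt"]),
        "ip": m["ip"],
        "user": m["user"],
    }


def detect_rdp_brute_force(lines, threshold=20, window=timedelta(minutes=5)):
    """Return alerts for source IPs with >= threshold RDP failures inside
    `window`, and for any RDP success from such an IP while a failure from
    it is still within the window."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    recent_failures = defaultdict(deque)   # ip -> timestamps of failures in window
    users_tried = defaultdict(set)         # ip -> every account name guessed (not windowed)
    flagged = set()
    alerts = []
    for e in events:
        if e["lt"] not in RDP_LOGON_TYPES:
            continue
        q = recent_failures[e["ip"]]
        while q and e["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if e["id"] == FAILED_LOGON:
            q.append(e["ts"])
            users_tried[e["ip"]].add(e["user"])
            if len(q) >= threshold and e["ip"] not in flagged:
                flagged.add(e["ip"])
                alerts.append({"kind": "rdp_bruteforce", "ip": e["ip"], "ts": e["ts"],
                               "failures": len(q), "users": sorted(users_tried[e["ip"]])})
        elif e["id"] == SUCCESSFUL_LOGON and e["ip"] in flagged and q:
            # A success shortly after a flagged burst is the SamSam entry point.
            alerts.append({"kind": "rdp_bruteforce_success", "ip": e["ip"],
                           "ts": e["ts"], "user": e["user"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

The threshold and window are deliberately loose; tuning them against a site's normal failure rate matters more than the exact numbers. The "success after burst" alert is the one to page on, since a guessing burst that never succeeds is noise by comparison.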
When Cloquet school officials realized staff were unable to access certain files on the morning of Aug. 3, there may have been a certain amount of negative "been there, done that" feeling involved. For the second time in three years, the school district is the target of a ransomware attack: malware that spreads from computer to computer, locks up access to network servers and encrypts documents into gibberish, then offers "help" in the form of a demand for payment in exchange for the "key" that unlocks the files. Last time, in March 2016, the district had to cancel school for a day to give technology staff time to recover from the malware, which infected some of the district's servers and many of its more than 600 computers. This time it happened over summer vacation, and the attack was not as devastating. According to the staff report from Cloquet School District Technology Director T.J. Smith, the malware encrypted files on all servers except one, including network shared drives. However, there is no indication that any information was "stolen," only that it had been encrypted so that users were unable to open the files. Smith explained to Cloquet School Board members on Monday, Aug. 13, that the district had two options, not counting paying the ransom demand: either try to recover the data, which might not succeed and could be a waste of time and money, or recreate the data and rebuild the affected servers. He advocated the second option, noting that the lost data was not "mission critical" and that insurance will pay to return the servers to their previous state. Board members voted unanimously for the second option of recreating the information and rebuilding the servers; they also voted to hire a company to conduct a forensic investigation to determine how the malware got in.
The total cost to the school district for insurance deductibles, estimated at $15,000, will be covered by money already in the technology budget. Superintendent Michael Cary said the district determined that paying a ransom "is not in the best interest of our schools and the community we serve." Board Chairman Ted Lammi said he believes such payments to hackers should be illegal. "Some institutions have paid big bucks and that's why these guys do it," Lammi said. Board member Duane Buytaert, who works in technology for Carlton County, said it can also be a matter of making sure users know how to detect such attacks. "We all get those wacky emails," he said. Staff training should be a priority, board members agreed. On the positive side, Smith said technology staff had already been able to recover quite a bit of data, and staff can recreate the data that was lost. The recovery process should not affect the start of school on Sept. 5.
According to Darin Stanchfield, KeepKey founder and CEO, the attack took place on Christmas Day, December 25, when an unknown attacker activated a new phone number on Stanchfield's Verizon account. This allowed the attacker to request a password reset for Stanchfield's Verizon email account and receive the reset details on the newly activated number. Within minutes the attacker had taken over the email account and proceeded to request password resets for several services where the KeepKey founder had registered with that email address. In no time, the attacker had taken over several of Stanchfield's accounts on other sites, including KeepKey's official Twitter account and several of KeepKey's side services, such as accounts for sales distribution channels and email marketing software. Less than an hour after the attack started, the KeepKey CEO had discovered what happened and started working with his staff to regain access to the hijacked accounts, while also blocking the intruder from reaching other KeepKey services. The attacker also contacted the KeepKey staff, offering to explain how he had hacked the Verizon email account and what he had stolen. He promised to return the stolen data and keep quiet about the hack if KeepKey agreed to pay him 30 Bitcoin (~$30,000). Instead of paying the ransom demand, the KeepKey team stalled the attacker for two more hours, during which time they regained access to all but one account, the company's Twitter profile. Since the night of the hack, the company has filed a complaint with the FBI and is now offering the 30 Bitcoin ransom as a reward for any clues that lead to the attacker's arrest. KeepKey was adamant that the attacker could not have accessed any of its customers' Bitcoin private keys, which are stored on the devices themselves.
KeepKey is known in the Bitcoin market for manufacturing hardware wallets that store the private keys used to sign Bitcoin transactions. The USB-connected device works offline, and the keys on it can be used only by someone with physical access to it. In the Christmas breach, the attacker could therefore at most have stolen the home addresses, email addresses, and phone numbers of users who had bought KeepKey devices, not the contents of those devices. It is unknown at the time of writing whether the attacker used his access to these accounts to steal any KeepKey customer data. Nevertheless, as a precautionary measure, the company is offering a 30-day refund to all customers whose details were stored in the sales distribution channel and email marketing software accounts the attacker gained access to. At the start of December, someone took over the mobile number of Bo Shen, founder of the Bitcoin venture capital firm Fenbushi Capital, and stole at least $300,000 worth of Augur and Ether cryptocurrency. Two weeks later, the same hacker took over the mobile number of one of the Ethereum Project's admins and used it to reset the passwords for various accounts, eventually downloading a copy of an Ethereum forum database backup dated April 2016. At the time of writing, there are no clues linking the first two attacks with the KeepKey breach, despite the similar methods: in all three cases the initial foothold was control of a phone number, which turned SMS-based password resets into a single point of failure for every account tied to it.