
The PGA Falls Victim To Bitcoin Ransomware Attack

Cryptocurrency prices have tumbled, with valuations down by upwards of 70%, yet ransomware remains a favoured attack method for cryptocurrency-focused hackers. According to an article from Golfweek, the Professional Golfers Association, a body representing the best golfers from around the globe, has been hit by a cyberattack.

The report from the golf news source pointed out how “shadowy bandits” locked PGA officials out of essential files, with this attack coming prior to two upcoming PGA Championships in the U.S. and France.

News of the ransomware attack first emerged on Tuesday morning, when PGA staff found they could no longer open the files they needed to work on. Attempting to open a file instead produced the following message, which made it clear to staff that something was afoot:

 “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm… We exclusively have decryption software for your situation. No decryption software is available in the public.”

As is typical of ransomware attacks, the hackers also warned that any attempt to break the encryption on their own could leave files permanently unrecoverable, writing:

“This may lead to the impossibility of recovery of certain files.”

Upon further investigation, the files under lock and key were revealed to be creative materials for the upcoming championships, specifically the promotional logos and banners intended for digital and print advertising. The locked media also reportedly includes development work on future PGA logos, original work of PGA staff that would be near-impossible to replace.

The message also included a Bitcoin wallet address, but the hackers did not specify an amount the PGA should pay to regain control of its files. Although the locked work is valuable, a person familiar with the matter expects the PGA to treat the incident as a nuisance rather than a crisis, and not to pay any ransom.

The promotional materials matter to the PGA, but perhaps not enough to justify a hefty payment: the U.S.-based association has so far found no sign that the ransomware will substantially affect the success of the upcoming tournament circuit.

Cryptojacking And Ransomware, Two Primary Methods of Crypto CyberAttack

Cryptojacking and ransomware have become growing problems as cryptocurrencies have exploded in value. While ransomware, the method of attack described above, remains a hot topic within the hacker community, cryptojacking has quickly overtaken it as the more widespread cryptocurrency-related threat.

For those who are unaware, cryptojacking is a type of cybercrime in which malicious hackers take control of a victim’s device and force it to mine cryptocurrency for the hacker’s personal gain. Cryptojacking malware generates only a few cents per infected device, but it can easily spread across thousands, if not millions, of computers, netting the hackers a sizeable reward in aggregate.

Many hackers have begun to shift their resources from ransomware to cryptojacking, since it is usually unobtrusive and goes unnoticed by many consumers. As cybersecurity expert Troy Mursch put it:

“Ransomware is basically like pointing a gun at you and saying, ‘Hey, pay up or you’re not getting your files back,’ versus cryptojacking you might not even know about it, it’s just going to silently steal your electricity.”

Photo by Fancycrave on Unsplash



Facebook Messenger Malware Mines Monero

Reports are emerging today of malicious software that targets Facebook Messenger in order to mine cryptocurrency. As Bitcoin and altcoins grow more popular and more valuable, hackers and cyber-criminals will keep looking for weak links to exploit in order to take a share of it. There is no weaker link than social media, which is a minefield of scams, fake news, clickbait and now mining malware.

According to researchers at cyber security firm Trend Micro, the malware, dubbed Digmine, targets the desktop version of Facebook’s instant messenger platform. The bot is designed to hijack CPU power on the victim’s machine to secretly mine Monero, a privacy-focused altcoin built on a blockchain that hides transaction details.

It arrives disguised as a video file, sent from someone on the user’s friends list so that it appears genuine. At the moment it targets only the desktop version of the chat software running in Google Chrome; mobile versions are not affected. The attackers are also able to access the user’s Facebook profile and friends list in order to spread the malware further. Researchers at Trend Micro said:

“If the user’s Facebook account is set to log in automatically, Digmine will manipulate Facebook Messenger in order to send a link to the file to the account’s friends. The abuse of Facebook is limited to propagation for now, but it wouldn’t be implausible for attackers to hijack the Facebook account itself down the line.”

Once a machine is infected, a miner based on the open source Monero miner XMRig is installed, which silently consumes CPU resources in the background to mine Monero and send the proceeds to the hackers. The bot also installs an automatic startup script that launches the Chrome browser preloaded with a malicious extension. The extension has to be side-loaded from the command line, because Chrome normally only installs extensions from the Chrome Web Store.

The cyber security firm went on to state:

“The extension will read its own configuration from the C&C (command and control) server. It can instruct the extension to either proceed with logging in to Facebook or open a fake page that will play a video. The decoy website that plays the video also serves as part of their C&C structure. This site pretends to be a video streaming site but also holds a lot of the configurations for the malware’s components.”
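The two behaviours described above, a scripted Chrome launch that side-loads an unpacked extension and an XMRig-style miner process, are both visible in process-creation telemetry. The script below is an added example, not code from the article or from Trend Micro’s report: it runs a few simple rules over constructed sample events (hypothetical paths, pool address and wallet placeholder) and assumes the extension is loaded with Chromium’s documented `--load-extension` switch, the standard way to load an unpacked extension from the command line.

```python
"""Flag Digmine-style activity in process-creation events.

Rules (assumptions about what such telemetry would show, not Digmine specifics):
  1. chrome.exe started with --load-extension (side-loaded, unpacked extension),
     worse if the extension lives in a user-writable directory;
  2. chrome.exe spawned by a scripting host, as a startup script would do;
  3. any process whose command line carries XMRig-style miner arguments.
"""
import re

# Chromium's documented switch for loading an unpacked extension from disk.
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Interpreters a persistence script would typically run under (assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "mshta.exe"}

# Strings typical of XMRig-style miner command lines.
MINER_MARKERS = ("stratum+tcp://", "stratum+ssl://", "xmrig", "--donate-level", "--cpu-priority")

# Directories an ordinary user can write to; a browser extension loaded from here is unusual.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample events (hypothetical; not real telemetry from any incident).
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "explorer.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'},
    {"pid": 4188, "parent": "wscript.exe",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                r'--load-extension="C:\Users\alice\AppData\Roaming\ext" '
                r'--disable-extensions-except="C:\Users\alice\AppData\Roaming\ext" '
                r'https://www.facebook.com'},
    {"pid": 4201, "parent": "wscript.exe",
     "image": r"C:\Users\alice\AppData\Roaming\miner.exe",
     "cmdline": r'"C:\Users\alice\AppData\Roaming\miner.exe" -o stratum+tcp://pool.example:3333 -u WALLET_PLACEHOLDER'},
    {"pid": 4300, "parent": "explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r'"C:\Windows\System32\notepad.exe" notes.txt'},
]


def analyze_event(ev):
    """Return the list of reasons this event matches the pattern (empty if benign)."""
    reasons = []
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    parent = ev["parent"].lower()
    cmd = ev["cmdline"]
    low = cmd.lower()

    if image == "chrome.exe":
        m = LOAD_EXT_RE.search(cmd)
        if m:
            ext_path = (m.group(1) or m.group(2)).lower()
            reasons.append("chrome side-loads an unpacked extension via --load-extension")
            if any(d in ext_path for d in USER_WRITABLE):
                reasons.append("extension path is in a user-writable directory")
        if parent in SCRIPT_HOSTS:
            reasons.append("chrome launched by script host " + parent)

    if any(marker in low for marker in MINER_MARKERS):
        reasons.append("command line contains cryptominer indicators")

    return reasons


def analyze(events):
    """Run analyze_event over every event and collect the ones that fired."""
    findings = []
    for ev in events:
        reasons = analyze_event(ev)
        if reasons:
            findings.append({"pid": ev["pid"], "image": ev["image"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["pid"], f["image"], "->", "; ".join(f["reasons"]))
```

Run as-is, the script reports the scripted Chrome launch (three reasons: side-loaded extension, user-writable path, script-host parent) and the miner process, and stays quiet about the ordinary Chrome and Notepad starts. On a real endpoint the events would come from Sysmon or an EDR feed; the `--load-extension` rule in particular is cheap and rarely fires on a managed estate, so it is worth alerting on by itself.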

This is not the first time mining malware has made it into the wild: Coinhive mining code was found embedded in Android apps back in October, mining the same altcoin. Vigilance is key for heavy Facebook users. This is only the beginning when it comes to crypto mining malware, and there will be more to come.