PGA of America Servers Hacked as Part of Ransom Scheme

In an increasingly dangerous era of cybercrime, hackers have now found a new target: major golf tournaments. On August 8, news broke about the latest hacking attack against the Professional Golfers Association (PGA) servers, locking files and demanding ransom just days before the competition took place.

As an MSP, hacking and ransomware are not new concepts. However, news headlines typically only cover enterprise-level attacks, now including the PGA of America. So, how can you bring a major news story like this down to your SMB clients’ level?

In this post, we’ll take a closer look at the PGA server hack and how you can use this story to bring awareness to the need for your managed security services.

What Happened in the PGA Championship Hack?

According to Golfweek, the PGA of America's computer servers were hacked, locking officials out of crucial files relating to last week’s PGA Championship at Bellerive Country Club and the upcoming Ryder Cup in France. 

PGA staff realized Tuesday morning that their systems had been compromised when attempts to work on the files generated an ominous message:

“Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorythm [sic].”

What’s more, the hackers quickly made clear that their goal was extortion.

The PGA of America received a Bitcoin wallet number that the funds were to be deposited into. Hackers also sent an email offer to the PGA, communicating that they would decrypt two files of their choosing as evidence of their “honest intentions.” In their message, they also noted that the decryption software wasn’t publicly available, so only they would be able to decrypt the files once the ransom was paid. But, the hackers warned that if the organization attempted to crack the encryption, it would lead to the loss of their entire data.

PGA’s Response

The PGA of America had reportedly hired third-party IT security experts to help solve the problem. They also indicated that they do not negotiate with criminals, and had no intentions of meeting the hackers' demands.

Although in a tough situation, the PGA had the right response to this attack. Security experts advise that organizations do not pay the ransom, as it could encourage other hackers to indulge in similar activities even more. Also, it isn’t guaranteed that the hackers would even unlock the encrypted files after a ransom is paid.

The MSP Takeaway

So, what does this all mean for you? First off, if a major organization such as the PGA of America can be hacked, it puts into perspective the even greater vulnerability of the SMB. We’ve said it before and we’ll say it again: the SMB simply isn’t armed for today’s threat landscape.

With low-quality talent, tools and protection, SMBs are prime targets for hackers—yet they don’t realize or understand the need for an advanced security solution beyond simple AV and firewalls. This is where better education can become the turning point when selling security. Using stories like this PGA hack—coupled with the fact that 86 percent of SMBs aren’t confident in their company’s ability to fend off cyber threats—can help break through to your SMB clients and prospects and convince them that they need more. More protection against common threats, more access to security expertise and knowledge, and more peace of mind knowing that you can provide this for them.

But Is Your MSP Prepared to Provide This?

It’s vital that your business, your people and your processes are setup properly to offer managed security services for your clients. To help you, we’ve built the Continuum Security Go-To-Market Playbook, providing you with the resources, templates and materials you need to maximize your success and growth with Continuum Security, the advanced cyber security solution you need to deliver the protections your clients demand.


Want to start more simple? Download the eBook below to discover how you can explain cyber security to your clients:

Download Explaining Cyber Security eBook