History
2024: Payment of $1 million to ransomware hackers to unlock IT systems
On August 22, 2024, the Amateur Radio League of America (ARRL) announced that it had paid a ransom of $1 million to hackers to unlock its IT systems, which were paralyzed after a large-scale ransomware attack. According to available information, the Embargo group is behind the cyberattack.
The attack reportedly took place in the first half of May 2024. Attackers gained access to local IT systems at ARRL headquarters and to most cloud resources. The hackers used a wide range of malicious components aimed at various elements of the infrastructure - from desktops and laptops to servers based on Windows and Linux. After that, the cybercriminals encrypted the data and demanded a large ransom for restoring the IT services.
Immediately after the intrusion was detected, ARRL specialists turned off computer systems, but by that time the hackers had managed to disable the main services of the organization. After days of tense negotiations, the ARRL agreed to pay the attackers a ransom. It is emphasized that the payment, as well as the cost of restoration work, is largely covered by the insurance policy.
It is noted that ARRL, as part of the investigation of the incident and the restoration of IT systems, worked closely with professionals with extensive experience in matters related to ransomware. During the attack, cybercriminals stole personal information about approximately 150 employees of the organization. As of August 22, 2024, most ARRL services have resumed operation. At the same time, the organization is working to simplify its information infrastructure and increase its security. It will take up to two months to complete all work under the new guidelines.[1]