A Connecticut-based nonprofit, the National Association for Amateur Radio (ARRL), has fallen victim to a sophisticated cyberattack that cost them $1 million in ransom. The attack, which occurred in mid-May, crippled the organization’s systems and forced them to pay a hefty sum to regain access to their data.
The Attack: A Coordinated and Sophisticated Operation
The cyberattack began on May 15th when threat actors, using information purchased on the dark web, compromised the ARRL’s network. The attack was swift and comprehensive, affecting both on-site systems and cloud-based systems. This included desktops, laptops, and servers running both Windows and Linux operating systems.
“That morning, as staff arrived, it was immediately apparent that ARRL had become the victim of an extensive and sophisticated ransomware attack,” ARRL said in a statement.
The cyberattack was characterized by its “highly coordinated and executed” nature, leading the ARRL to label it an “act of organized crime.” The FBI even classified the attack as “unique” due to its level of sophistication.
The Ransom Demand and Negotiations
The threat actors demanded a significant ransom in exchange for decryption tools, which the ARRL deemed “unreasonably high.” The organization’s limited resources made the demand particularly daunting.
“It was clear they didn’t know, and didn’t care, that they had attacked a small 501(c)(3) organization with limited resources,” the statement reads.
Despite the initial resistance, the ARRL ultimately agreed to pay a $1 million ransom after days of tense negotiations. The decision was made after expert advice indicated that public communication during the negotiation process could be counterproductive.
“It is important to understand that the [threat actors] had ARRL under a magnifying glass while we were negotiating. Based on the expert advice we were being given, we could not publicly communicate anything informative, useful, or potentially antagonistic to the TAs during this time frame,” ARRL said.
The Aftermath: Recovery and Prevention
The ARRL has since been working diligently to restore its systems. Most systems are back online, while others are awaiting the return of necessary interfaces.
To prevent future cyberattacks, the organization has established a new Information Technology Advisory Committee. This committee will be responsible for analyzing and advising on future steps to improve cybersecurity measures.
The ARRL’s experience highlights the growing threat of sophisticated cyberattacks targeting even small organizations. The attack’s impact underscores the importance of robust cybersecurity measures and the potential consequences of falling victim to ransomware.