The American Radio Relay League (ARRL) has disclosed that it paid a $1 million ransom to obtain a decryptor and recover the affected data following a high-profile cyberattack in which a Cloud ransomware variant was deployed to encrypt its systems.
Following the discovery of the incident, the Nationwide Association for Amateur Radio promptly investigated and addressed the breach. One month on, the organization revealed that its online community had been breached by an unidentified perpetrator in a subtle yet insidious cyberattack.
ARRL subsequently notified affected individuals via data breach notification letters, confirming the discovery of a “sleight ransomware incident” on May 14, following the encryption of its laptop systems. According to a July statement by the Office of Maine’s Attorney General, ARRL reported that the data breach had impacted only 150 employees.
While no direct link between the attack and a specific ransomware operation has been established, reports from BleepingComputer suggest that the Embargo ransomware gang may be responsible for the breach.
The ARRL’s breach notification further stated that it had already taken “all affordable steps” to halt any further publication or distribution of the leaked information, which some interpreted as an implicit admission that a ransom had been or would likely be paid.
A $1 million ransom demand was cushioned by adequate insurance coverage.
ARRL confirmed on Wednesday that it had reluctantly paid the hackers a ransom to prevent further leaks and procure a decryption tool to recover compromised data and systems following the attack on May 15.
“The ransom demands from the TAs, in exchange for access to their decryption tools, have been exorbitantly high.” As it starkly revealed, the attackers remained oblivious to the fact that their target was a tiny, 501(c)(3)-designated non-profit organisation severely constrained by its funding limitations.
Their ransom demands have been dramatically weakened by the fact that they didn’t have access to any incriminating information. It was evident that the parties assumed ARRL possessed comprehensive insurance coverage capable of covering a multi-million-dollar ransom demand.
Following an intense period of protracted negotiations and high-stakes posturing, the American Radio Relay League ultimately succumbed to pressure, agreeing to meet the demands of its extortionists by paying out a substantial $1 million ransom. That expense, coupled with the cost of restoration, has been largely offset by our insurance coverage.
According to ARRL, the majority of systems have already been restored, and it expects to take approximately two months to fully recover all impacted servers, predominantly those used internally, under newly established infrastructure guidelines and requirements.