The national association for amateur radio American Radio Relay League (ARRL) last week revealed that it paid out a $1 million ransom after a disruptive May 2024 ransomware attack.
The attack occurred on May 15 and resulted in multiple systems within ARRL’s internal network being encrypted, including desktops, laptops, and Windows and Linux servers.
Last week, the association revealed that the attackers had compromised its on-site systems and most cloud-based systems weeks before deploying file-encrypting ransomware, and that information purchased on the dark web was used for the intrusion.
“This serious incident was an act of organized crime. The highly coordinated and executed attack took place during the early morning hours of May 15,” ARRL said.
The organization immediately formed a crisis management team and engaged with outside security experts and notified law enforcement of the incident.
ARRL also noted that the attackers demanded a multi-million-dollar ransom payment, but they eventually agreed to receive a $1 million payment, as “their ransom demands were dramatically weakened by the fact that they did not have access to any compromising data.”
“That payment, along with the cost of restoration, has been largely covered by our insurance policy,” ARRL said.
The association took multiple services offline following the attack, including Logbook of The World (LoTW), which was restored on July 1. Although the service’s server was not directly affected by the attack, dependencies on other servers were.
“While the Logbook of The World server, Online DXCC, and related user data are secure and unaffected, we have taken the precautionary measure of keeping the services offline until we can ensure the security and integrity of our networks,” ARRL said on June 14.
The organization said last week that most of its systems have been restored, but that infrastructure changes will require “another month or two to complete restoration”.
ARRL did not say whether any personal information was compromised in the attack. In July, however, it notified the Maine Attorney General’s Office that the information of 150 employees, including names, addresses, and Social Security numbers, was likely impacted.
Related: Ransomware Victims Paid $460 Million in First Half of 2024
Related: Understanding the ‘Morphology’ of Ransomware: A Deeper Dive
Related: City of Flint Scrambling to Restore Services Following Ransomware Attack
