SecurityWeek

American Radio Relay League Paid $1 Million to Ransomware Gang

The American Radio Relay League (ARRL) says it paid out a $1 million ransom after falling victim to ransomware in May 2024.

The American Radio Relay League (ARRL), the national association for amateur radio, last week revealed that it paid a $1 million ransom after a disruptive May 2024 ransomware attack.

The attack occurred on May 15 and resulted in multiple systems within ARRL’s internal network being encrypted, including desktops, laptops, and Windows and Linux servers.

Last week, the association revealed that the attackers had compromised its on-site systems and most cloud-based systems weeks before deploying file-encrypting ransomware, and that information purchased on the dark web was used for the intrusion.

“This serious incident was an act of organized crime. The highly coordinated and executed attack took place during the early morning hours of May 15,” ARRL said.

The organization immediately formed a crisis management team, engaged outside security experts, and notified law enforcement of the incident.

ARRL also noted that the attackers demanded a multi-million-dollar ransom payment, but they eventually agreed to receive a $1 million payment, as “their ransom demands were dramatically weakened by the fact that they did not have access to any compromising data.”

“That payment, along with the cost of restoration, has been largely covered by our insurance policy,” ARRL said.

The association took multiple services offline following the attack, including Logbook of The World (LoTW), which was restored on July 1. Although the service’s server was not directly affected by the attack, dependencies on other servers were.

“While the Logbook of The World server, Online DXCC, and related user data are secure and unaffected, we have taken the precautionary measure of keeping the services offline until we can ensure the security and integrity of our networks,” ARRL said on June 14.

The organization said last week that most of its systems have been restored, but that infrastructure changes will require “another month or two to complete restoration.”

ARRL did not say whether any personal information was compromised in the attack. In July, however, it notified the Maine Attorney General’s Office that the information of 150 employees, including names, addresses, and Social Security numbers, was likely impacted.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
