August 26, 2024 at 09:12AM
The American Radio Relay League (ARRL) recently disclosed paying a $1 million ransom after a ransomware attack in May 2024. The attack disrupted internal systems, leading to encrypted devices. ARRL stated that the attackers compromised on-site and cloud-based systems prior to the attack. The association has taken measures for system restoration.
From the provided meeting notes, it is clear that the American Radio Relay League (ARRL) experienced a significant ransomware attack in May 2024. The attack resulted in the encryption of multiple systems within ARRL’s internal network, including desktops, laptops, and both Windows and Linux servers.
The attackers compromised both on-site and cloud-based systems weeks before deploying the file-encrypting ransomware. It was noted that information purchased on the dark web was used for the intrusion, indicating a well-organized and planned attack.
ARRL responded by immediately forming a crisis management team, engaging outside security experts, and notifying law enforcement. The attackers demanded a multi-million-dollar ransom, but ARRL negotiated a payment of $1 million. The organization stated that the payment, along with restoration costs, was largely covered by their insurance policy.
As a result of the attack, multiple services, including Logbook of The World (LoTW), were offline, with the latter being restored on July 1. Additionally, ARRL mentioned that infrastructure changes will require “another month or two to complete restoration.”
The impact of the attack on personal information was also addressed, with ARRL notifying the Maine Attorney General’s Office that the information of 150 employees, including names, addresses, and Social Security numbers, was likely impacted.
Overall, ARRL has taken significant steps to recover from the ransomware attack, and restoration efforts are ongoing.
Is there anything specific you would like to know more about regarding the meeting notes?