Newington

Connecticut-based nonprofit pays $1 million ransom after cyberattack


A Connecticut-based nonprofit has paid $1 million in ransom after a cyberattack that happened in mid-May.

The National Association for Amateur Radio (ARRL) said its system's network was compromised by threat actors who used information they purchased on the dark web on May 15.

"That morning, as staff arrived, it was immediately apparent that ARRL had become the victim of an extensive and sophisticated ransomware attack," ARRL said in a statement.

According to ARRL, the cyberattack affected on-site systems and most cloud-based systems, including desktops, laptops, and Windows-based and Linux-based servers.

"Despite the wide variety of target configurations, the [threat actors] seemed to have a payload that would host and execute encryption or deletion of network-based IT assets, as well as launch demands for a ransom payment, for every system," the nonprofit said in a statement.

ARRL called the incident a "highly coordinated and executed attack" and "an act of organized crime." The FBI categorized the attack as "unique," the nonprofit says, because of the sophistication of the cyberattack.

Within hours of the attack, a crisis management team was constructed to investigate.

The nonprofit said ransom demands in exchange for access to decryption tools were unreasonably high.

"It was clear they didn’t know, and didn’t care, that they had attacked a small 501(c)(3) organization with limited resources," the statement reads.

According to ARRL, the attackers did not have access to any compromising data, and after days of tense negotiations, ARRL agreed to pay a $1 million ransom. The money, along with the cost of restoration, has been largely covered by its insurance policy.

"It is important to understand that the [threat actors] had ARRL under a magnifying glass while we were negotiating. Based on the expert advice we were being given, we could not publicly communicate anything informative, useful, or potentially antagonistic to the TAs during this time frame," ARRL said.

ARRL says most systems have since been restored or are waiting for interfaces to come back online. To help prevent another cyberattack, the nonprofit approved a new committee, the Information Technology Advisory Committee, to help analyze and advise on future steps to take.
