American Radio Relay League admits paying a ransom demand

September 2, 2024

The American Radio Relay League (ARRL) confirmed that it paid a $1 million ransom in exchange for a decryptor for its encrypted systems from the threat actors that conducted a ransomware attack last May.

After discovering the issue, the National Association for Amateur Radio isolated some of its systems to mitigate the intrusion. One month later, it was announced that a cybercriminal group had compromised its network in a sophisticated attack.

ARRL later rolled out notification letters to inform impacted individuals about the data breach incident. The notification letters revealed that the company had discovered a sophisticated ransomware incident on May 14 after its computer systems were compromised.

Moreover, in a July filing with the Maine Attorney General’s Office, ARRL disclosed that the data breach affected only 150 employees. While the firm has not yet attributed the attack to a specific ransomware operation, researchers claimed that the Embargo ransomware gang was responsible for the data breach.

ARRL also claimed in the breach notifications that it had already taken all necessary steps to prevent the attackers from leaking the compromised data.

An insurance company covered the ransom payment of the American Radio Relay League.

The American Radio Relay League stated last week that it had paid the threat actors a ransom not to prevent stolen data from being leaked but to acquire a decryption key to recover systems affected by the May ransomware incident.

Reports revealed that these ransomware operators demanded excessive ransoms in exchange for access to their decryption capabilities. However, their ransom demands were significantly reduced because the attackers lacked access to sensitive data.

It was also evident that the attackers believed ARRL had comprehensive insurance coverage for a multi-million-dollar ransom payment. After days of negotiations, ARRL agreed to pay the $1 million ransom, with its insurance policy covering most of the total amount and the expense of restoration.

As of now, the majority of the ARRL systems have already been restored, and under its new infrastructure guidelines and standards, it will take up to two months to fix all damaged servers.
