One of the UK’s most exclusive golf clubs has warned 4,000 members that their personal details may have been compromised in a ransomware attack.
The Wentworth Club, whose members include high-profile celebrities, emailed those affected offering its “profuse apologies” after its systems were crippled by cyber criminals.
However, the Telegraph reported that many were already aware of the problem, because – as is common with ransomware attacks – the criminals hijacked the club’s website with the message “Your personal files are encrypted”.
The breached information includes members’ names, dates of birth, home addresses, email addresses and phone numbers, as well as the last four digits of their bank account details.
In a statement, Wentworth’s general manager, Neil Coulson, said:
I fully appreciate this will be concerning for you but we have taken third-party specialist advice and have been assured there is not enough personal information in the file to enable improper access to your private account and therefore it is considered a low risk.
Paying the ransom
The attackers are seeking a ransom – to be paid in Bitcoin – although it’s unclear whether The Wentworth Club intends to meet their request.
Cyber security experts urge organisations not to pay up, because there is no assurance that the attackers will keep their word.
Besides, once the data has been accessed by an unauthorised party, it is considered a data breach regardless of whether criminals’ vow to delete it once they’ve been paid. The organisation must still report the incident and be subjected to regulatory investigation.
As such, the only benefit of meeting the criminal’s demand is the possibility that it will get its systems back online faster, although this process takes longer than many victims think.
In most cases, it wouldn’t take much longer to ignore the criminal altogether and reboot your systems from a backup.
This requires advanced planning – but given the ransomware epidemic that organisations across the globe currently face, it makes sense to implement such measures.