ARRL IT Security Incident – $1M ransom

&gt; Sometime in early May 2024, ARRL’s systems network was compromised by threat actors (TAs) using information they had purchased on the dark web. The TAs accessed headquarters on-site systems and most cloud-based systems<p>So someone was using the same password for the work and personal stuff and no one has ever bothered prioritizing 2FA got it.

Why did they agree to pay the ransom? Such a small org it seems like they could rebuild the systems they needed for less than $1mil?..

amateur radio lives in a different IT world. A significant amount of popular software is shared as archived source files with ambiguous licensing, hosted on personal homepages, and served via unencrypted HTTP.

Good excuse to start over.<p>I lost a hard drive once due to a failure. It was actually liberating. A lot of old stuff I didn&#x27;t have to worry about anymore.

The only way to make ransomware go away is to make the penalties for paying higher than the ransom.

probably some kids in a basement. most security admins I&#x27;ve met are total frauds. sophisticated for $1m? no they&#x27;re just trying to keep their jobs after being revealed as totally incompetent.

The failed at having backups and DR&#x2F;BCP.<p>Also, paying ransomware demands should have civil and criminal penalties because all it does is cause more of it. Ransomware insurance should also be illegal.

They should have just rebuilt it. (I&#x27;ve been an ARRL member since 1977). I suppose they didn&#x27;t want to lose LOTW.