Rhysida Ransomware Attack on Oki Golf Management

Victim Profile

A golf course management company based in Washington state, Oki Golf Management, has fallen victim to a ransomware attack by the Rhysida group. The company operates multiple golf courses and is known for its innovative revenue generation strategies and commitment to environmental sustainability. Its presence in the Washington golf industry is significant.

Company Size and Industry Standing

The company stands out in the industry for its unique revenue generation strategies, such as providing fishing opportunities and environmental education at its Trophy Lake course. The company's partnerships and commitment to environmental sustainability further enhance its reputation in the industry.

Vulnerabilities and Targeting

The vulnerabilities of the company in being targeted by threat actors like the Rhysida ransomware group may stem from its multiple golf course operations and partnerships. The diverse activities and connections within the industry could make it a lucrative target for cybercriminals.

Details of the Ransomware Attack

The victim organization fell prey to a ransomware attack orchestrated by an entity known as Rhysida. Classified as cybercrime, the attack targeted sensitive data including members' information, financial records, and invoices. The attacker demanded a ransom of 2 BTC, equivalent to $140,000, without specifying any exfiltrated data or a ransom deadline. However, a sample of leaked data was provided, indicating a significant breach. This incident poses a very high cyber risk factor for the affected organization. As of April 27, 2024, up to 60% of the data has been partially leaked.

Sources:

Oki Golf Management Website

University of Washington Research Paper

Socradar - Rhysida Ransomware Threat Profile

LogPoint - Uncovering Rhysida and Their Activities