Following on from the recent LOTW outage and the ARRL cyber attack the statement below was issued by the ARRL yesterday. As suspected by many people in the amateur radio world it was ransomware.
Sometime in early May 2024, ARRL’s systems network was compromised by threat actors (TAs) using information they had purchased on the dark web. The TAs accessed headquarters on-site systems and most cloud-based systems. They used a wide variety of payloads affecting everything from desktops and laptops to Windows-based and Linux-based servers. Despite the wide variety of target configurations, the TAs seemed to have a payload that would host and execute encryption or deletion of network-based IT assets, as well as launch demands for a ransom payment, for every system.
This serious incident was an act of organized crime. The highly coordinated and executed attack took place during the early morning hours of May 15. That morning, as staff arrived, it was immediately apparent that ARRL had become the victim of an extensive and sophisticated ransomware attack. The FBI categorized the attack as “unique” as they had not seen this level of sophistication among the many other attacks, they have experience with. Within 3 hours a crisis management team had been constructed of ARRL management, an outside vendor with extensive resources and experience in the ransomware recovery space, attorneys experienced with managing the legal aspects of the attack including interfacing with the authorities, and our insurance carrier. The authorities were contacted immediately as was the ARRL President.
The ransom demands by the TAs, in exchange for access to their decryption tools, were exorbitant. It was clear they didn’t know, and didn’t care, that they had attacked a small 501(c)(3) organization with limited resources. Their ransom demands were dramatically weakened by the fact that they did not have access to any compromising data. It was also clear that they believed ARRL had extensive insurance coverage that would cover a multi-million-dollar ransom payment. After days of tense negotiation and brinkmanship, ARRL agreed to pay a $1 million ransom. That payment, along with the cost of restoration, has been largely covered by our insurance policy.
From the start of the incident, the ARRL board met weekly using a continuing special board meeting for full progress reports and to offer assistance. In the first few meetings there were significant details to cover, and the board was thoughtfully engaged, asked important questions, and was fully supportive of the team at HQ to keep the restoration efforts moving. Member updates were posted to a single page on the website and were posted across the internet in many forums and groups. ARRL worked closely with professionals deeply experienced in ransomware matters on every post. It is important to understand that the TAs had ARRL under a magnifying glass while we were negotiating. Based on the expert advice we were being given, we could not publicly communicate anything informative, useful, or potentially antagonistic to the TAs during this time frame.
Today, most systems have been restored or are waiting for interfaces to come back online to interconnect them. While we have been in restoration mode, we have also been working to simplify the infrastructure to the extent possible. We anticipate that it may take another month or two to complete restoration under the new infrastructure guidelines and new standards.
Most ARRL member benefits remained operational during the attack. One that wasn’t was Logbook of The World (LoTW), which is one of our most popular member benefits. LoTW data was not impacted by the attack and once the environment was ready to again permit public access to ARRL network-based servers, we returned LoTW into service. The fact that LoTW took less than 4 days to get through a backlog that at times exceeded over 60,000 logs was outstanding.
The board at the ARRL Second Board Meeting in July voted to approve a new committee, the Information Technology Advisory Committee. This will be comprised of ARRL staff, board members with demonstrated experience in IT, and additional members from the IT industry who are currently employed as subject matter experts in a few areas. They will help analyse and advise on future steps to take with ARRL IT within the financial means available to the organization.
We thank you for your patience as we navigated our way through this. The emails of moral support and offers of IT expertise were well received by the team. Although we are not entirely out of the woods yet and are still working to restore minor servers that serve internal needs (such as various email services like bulk mail and some internal reflectors), we are happy with the progress that has been made and for the incredible dedication of staff and consultants who continue to work together to bring this incident to a successful conclusion.
Last year I attended the 


Without all the planning and preparation done over the year it just would not happen. The
When they set up the chairs we give them a challenge, an idea of mine and their officer Scott, to insert a word and/or numbers of one of the themes of the show. Previous years have been USAF 75, Italia 100, and this year RCAF 100 in honour of the Royal Canadian Airforce 100 years. We are already planning 2025 and now we have CAD it will be easier to design.

Friday morning came and after having breakfast we ordered a local taxi to take us to the Messe for the show, 


Looking at the equipment I was taken by the small footprint of the

Along with the presentations and visitors we had another good day. I also managed to go and visit the “flea” market and drool over some old bits of kit that were on sale, and I do keep saying one day I may drive over and bring something back with me. Just not yet as I enjoy the travelling and socialising parts too much.
Sunday is the last day of the show, although not many visitors attend, mostly the weekenders who come and say their goodbyes and start the ravel to their homes around the globe. Our weekend companion
Arriving around lunchtime at the hotel we had a short wait to get into our rooms. So we had a couple of drinks of coffee and then decide to have a beer to try and knock us out for some sleep. After checking in a meal in the bar area and early night was the order of the day ready for the 02:00 alarm to get to the airport for our flight departure of 6am.
Wednesday 26th June 2024.
The short 40 minute journey across the lake gave us time to get some refreshment. Both Ady and I chose to have Apple Pie and cream to take off the hunger before we went to dinner later that day, with a coffee for all 3 of us. If ever you are on the boat across Lake Constance on this journey then do try the apple pie, it was delicious, and one of the best I have ever tasted. Docking in FHN gave us the chance to walk through the town to our hotel, the
A record for us in our travelling time. We had a little wait before we could get into our rooms so we sat outside on the street tables, watched the world go by and had another coffee. Completely chilled and ready for the madness of the weekend.
(VK5GR) had arrived at the hotel from Australia, a 38 hour journey for the 4 days in Friedrichshafen, and went to meet him before bringing him down to the promenade to join us. This gave Ady and myself the chance to have a sneaky beer while we waited.
Charles and Grant arrived and we ordered some of the most beautiful food I have ever tasted, and it is no wonder we have made this our favourite.
that quite literally circumnavigated the earth. They were huge!! A model of the Airbus A380 (72 Meters long) was shown next to one of the airships (212 Meters) long and it looked tiny. The passenger cabins were small, but looked comfortable, and the public areas were plush with silver service for dining and waiter service for drinks – just showing the opulence of the era. The images on here don’t do it justice.




