The Little Rock Convention and Visitors Bureau was the victim of a recent ransomware attack, according to president and chief executive officer Gretchen Hall, though Hall said she was unable to offer details on the extent of the attack and whether sensitive information was compromised.
In an emailed statement Tuesday, Hall said the bureau experienced a recent ransomware attack in which "cybercriminals deployed malware to lock certain files and systems."
"Upon learning of the issue, we immediately began an investigation and consultation with outside cybersecurity professionals who regularly investigate these matters to determine the extent of the attack and whether any sensitive information may have been accessed or taken by the criminals as part of the attack," Hall said.
Hall said the agency is also working with the outside professionals, as well as regular information technology support, "to safely restore operations as quickly as possible."
"Our investigation and restoration efforts are ongoing," Hall said. "At this time, we do not have evidence that sensitive data has been impacted, but if the ongoing investigation reveals information to the contrary, we will provide appropriate notice to affected individuals."
Hall said the organization regretted any inconvenience the attack may have caused and expressed appreciation for the public's understanding "as we recover from this criminal attack."
She declined to say whether the hackers have demanded payment to unlock files or systems, nor did Hall say when officials at the visitors bureau learned of the attack. She did not name the cybersecurity individuals or firms assisting the bureau.
The bureau is working with the FBI, Hall said.
In an email, she wrote that the organization "cannot share any additional information at this time because it could jeopardize our investigation." She added that the visitors bureau may be able to share more later.
Ransomware is a malicious form of software used to lock and encrypt electronic files or systems and then extort a payment from the victim before they can regain access to their data, according to the electronic-security software company NortonLifeLock. The bad actors behind ransomware often target specific organizations like universities, government agencies and banks, according to the software firm.
Organizations in Arkansas that have experienced ransomware attacks or cybersecurity incidents recently include the El Dorado Police Department, Arkansas Children's Hospital and the University of Arkansas for Medical Sciences.
A UAMS spokeswoman in April told the Arkansas Democrat-Gazette that the discovery of a malware virus led the hospital to temporarily deactivate its information network.
In 2016, the Carroll County sheriff's office paid $2,440 via bitcoin to hackers who demanded payment after locking the department's system with ransomware, the Democrat-Gazette reported at the time.