Garmin Cyber-attack Garners Up To $10 Million Ransom To Hackers
The News: A Garmin cyber-attack made the tech company pay some or all of a $10 million crypto ransom to hackers who managed to encrypt the firm’s internal network and take down several of its services on July 23. According to an August 1 report from Lawrence Abrams at Bleeping Computer, Garmin’s IT department used a decryptor to regain access to workstations affected by the initial WastedLocker ransomware attack. The malware took down the company’s customer support, navigation solutions, and other online services. Garmin’s script contains a timestamp of ’07/25/2020′, which indicates that the ransom was paid either on July 24 or July 25. Read the Bleeping Computer report here.
Analyst Take: As I have written about cyber-attacks before, I noted they are going to be on the rise, particularly during a time of crisis when companies are most vulnerable. In this instance, during a global pandemic, when not all employees are physically in offices and are relying on remote collaboration during an emergency.
So much security discussion is around mitigation, but it in reality, a lot of security is reaction and recovery. As hackers demanded $10 million for the keys to liberate Garmin’s systems, Sky News reported that the company ultimately paid, likely through an intermediary. Garmin has declined to comment much beyond confirming that a cyberattack did occur. The company’s CEO Cliff Pemble released a statement saying, “Most of you are aware of the recent cyberattack that led to a network outage affecting much of our website and consumer-facing applications. We immediately assessed the nature of the attack and started remediation efforts. We have no indication that any customer data was accessed, lost, or stolen.”
Garmin was lucky in that ransomware attacks usually involve the stealing of files and then the threatening to dump them online if a payment does not come through. Another recent and very public attack against nonprofit software company Blackbaud resulted in hackers stealing files from at least 125 of its clients, including Planned Parenthood and the UK’s National Trust.
Garmin was hit by a relatively new strain of ransomware called WastedLocker, which has been tied to the Russia’s Evil Corp malware dynasty. For about ten years, the hackers behind Evil Corp has been using banking-focused malware to steal more than $100 million from financial institutions. In 2017, Evil Corp began incorporating Bitpaymer ransomware into its theft practices.
Unfortunately, Garmin reports that it hasn’t fully recovered and is still having syncing issues and delays of the Garmin Connect platform. As ransomware is growing in popularity and becoming more sophisticated, holding large institutions like banks, hospitals and even whole cities for ransom, it’s only a matter of time before a big ransomware attack happens again. Companies today need to make sure they have the latest tools for mitigation and CISOs must make sure they have a fast-reacting plan for disaster and recovery.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.
Other insights from the Futurum team:
What the Massive Twitter Hack Means for CISOs and Security Vendors
CISO’s Playbook for Leading Security During COVID-19 – Futurum Tech Podcast Interview Series
Failing IoT Security Means Old Malware Makes IoT Comeback
Image Credit: Cycling Tips
Sarah most recently served as the head of industry research for Oracle. Her experience working as a research director and analyst extends across multiple focus areas including AI, big data and analytics, cloud infrastructure and operations, OSS/BSS, customer experience, IoT, SDN/NFV, mobile enterprise, cable/MSO issues, and managed services. Sarah has also conducted primary research of the retail, banking, financial services, healthcare, higher ed, manufacturing, and insurance industries and her research has been cited by media such as Forbes, U.S. News & World Report, VentureBeat, ReCode, and various trade publications, such as eMarketer and The Financial Brand.