The News: A Garmin cyber-attack made the tech company pay some or all of a $10 million crypto ransom to hackers who managed to encrypt the firm’s internal network and take down several of its services on July 23. According to an August 1 report from Lawrence Abrams at Bleeping Computer, Garmin’s IT department used a decryptor to regain access to workstations affected by the initial WastedLocker ransomware attack. The malware took down the company’s customer support, navigation solutions, and other online services. Garmin’s script contains a timestamp of ’07/25/2020′, which indicates that the ransom was paid either on July 24 or July 25. Read the Bleeping Computer report here.
Analyst Take: As I have written about cyber-attacks before, I noted they are going to be on the rise, particularly during a time of crisis when companies are most vulnerable. In this instance, during a global pandemic, when not all employees are physically in offices and are relying on remote collaboration during an emergency.
So much security discussion is around mitigation, but it in reality, a lot of security is reaction and recovery. As hackers demanded $10 million for the keys to liberate Garmin’s systems, Sky News reported that the company ultimately paid, likely through an intermediary. Garmin has declined to comment much beyond confirming that a cyberattack did occur. The company’s CEO Cliff Pemble released a statement saying, “Most of you are aware of the recent cyberattack that led to a network outage affecting much of our website and consumer-facing applications. We immediately assessed the nature of the attack and started remediation efforts. We have no indication that any customer data was accessed, lost, or stolen.”
Garmin was lucky in that ransomware attacks usually involve the stealing of files and then the threatening to dump them online if a payment does not come through. Another recent and very public attack against nonprofit software company Blackbaud resulted in hackers stealing files from at least 125 of its clients, including Planned Parenthood and the UK’s National Trust.
Garmin was hit by a relatively new strain of ransomware called WastedLocker, which has been tied to the Russia’s Evil Corp malware dynasty. For about ten years, the hackers behind Evil Corp has been using banking-focused malware to steal more than $100 million from financial institutions. In 2017, Evil Corp began incorporating Bitpaymer ransomware into its theft practices.
Unfortunately, Garmin reports that it hasn’t fully recovered and is still having syncing issues and delays of the Garmin Connect platform. As ransomware is growing in popularity and becoming more sophisticated, holding large institutions like banks, hospitals and even whole cities for ransom, it’s only a matter of time before a big ransomware attack happens again. Companies today need to make sure they have the latest tools for mitigation and CISOs must make sure they have a fast-reacting plan for disaster and recovery.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.