Garmin Is Slowly Recovering From a Major Ransomware Attack
Yesterday, Garmin, one of the world's biggest manufacturers of GPS-enabled devices, announced that it has suffered what has to be an unprecedented ransomware attack. The infection affected many of the company's cloud-based services, and the outage lasted for days. Now, though, they're all coming back online.
Weirdly, the obligatory "apology for the inconvenience" is missing from the press release, but Garmin did thank its customers for their understanding and announced that some of them might still be experiencing problems due to the enormous backlog of data that needs to be processed. The company is fairly certain that no customer information has been stolen, but nevertheless, this incident can serve as a reminder of how devastating cyberattacks can be.
How bad was it?
It became apparent that something was wrong on Wednesday, when many Garmin users took to social media to complain about not being able to see their data through the company's portfolio of mobile apps. Garmin's email servers and support channels were also affected, and at one point, even the manufacturer's main website went down. On July 23, Garmin used its social media profiles to inform its users that an outage affected a wide array of its services. The reason for the interruption was not mentioned, but people were assured that Garmin was working flat-out on fixing the issue.
A couple of days later, having reinstated some of the services, the company put out an FAQ page, which said that cybercriminals had targeted the manufacturer of GPS devices. Not much was revealed in the way of technical details, but by then, many people already knew what had happened.
According to sources, Garmin was targeted by the WastedLocker ransomware
Garmin has yet to reveal the name of the malware family that took so much of its cloud infrastructure offline, but it would appear that some people knew what it was mere hours after the attack began. Those people got in touch with several news websites and revealed that Garmin was apparently hit by the WastedLocker ransomware. All of a sudden, the amount of damage the attack caused doesn't seem that surprising.
WastedLocker is a relatively new ransomware family that was examined closely by researchers from NCC Group back in June. According to the experts, it was developed by a group of hackers known as Evil Corp.
Evil Corp shouldn't be a new name to those of you with an active interest in cybersecurity. The hacking crew was formed in 2007 after members of the team responsible for the ZeuS banking trojan left and tried to go it alone. They created Dridex, a now-infamous banking trojan that evolved into a massive threat capable of dropping other malware families and recruiting computers into a vast botnet. The same cybercriminals were also responsible for the distribution of Locky – the undisputed leader on the ransomware market from a couple of years ago.
Evil Corp's disruptive attacks have drawn attention from the highest possible places, and in December 2019, it was revealed that two individuals believed to be a part of the hacking crew had been indicted by the US Department of Justice. The alleged cybercriminals are still at large.
Garmin got lucky
It's probably hard to believe that it could have been worse for Garmin, but evidence suggests that this is the case. Ransomware operators that target enterprises rather than home users need access to the victim's network if their attack is to work, and in late 2019, some of them realized that they could steal some sensitive data while they were inside. That way, they can later threaten to leak it if the target isn't cooperating. Recent attacks suggest that the strategy is working.
With WastedLocker, Evil Corp went with a more traditional ransomware operation. According to Garmin, the hackers didn't steal any information, and they didn't receive even a penny because the company has working backups. The criminals' demands weren't officially revealed, but it's fair to say that not paying the ransom probably saved Garmin a fortune. What's more, sending money to individuals who have been indicted in the US would have brought a ton of legal issues.