An interesting ransomware case affected one of our co-workers recently while he was hiking in the Rocky Mountains: his Garmin GPS was out of commission just as he was trying to navigate through the wilderness. The good thing is that he was not in a life-and-death situation, lost somewhere in the forest. The bad thing is that he was left with no mapping capabilities and found himself trekking somewhat blindly during several sections of his hike.
Unfortunately, our co-worker was one of millions of customers globally in this situation, as GPS titan Garmin’s website, customer support, apps and communications were all taken out by a massive ransomware attack in late July 2020. The attack, which the company finally acknowledged as ransomware after days of nebulous statements, locked users out of their GPS services and disrupted a wide variety of Garmin GPS-based systems, and it caused Garmin an untold amount of reputational damage, much of it due to what many perceive to be the company’s mismanagement of the initial crisis response.
In an SEC report filed in December 2019, Garmin officials gave some insight into just how damaging a cyberattack could be to the company now that it has transitioned from a simple GPS navigation company into a health and fitness tracking organization. It collects, stores, processes and uses a wide variety of personal user information, such as names, addresses, phone numbers, email addresses, payment accounts, height, weight, age, gender, heart rates, sleeping patterns, GPS locations and other activities. If any of this information were leaked, it could cause a ton of headaches for the company as users lose confidence in Garmin’s ability to safeguard their confidential data.
In this case, security experts have confirmed that the WastedLocker ransomware was to blame for the attack. This ransomware is a new variety operated by a hacker group known as Evil Corp. The only positive news about the use of this particular piece of ransomware is that it does not yet appear to have the capability to steal or exfiltrate data before it encrypts the victim’s files (unlike even newer ransomware strains). This appears to be the case here, as Garmin put out a statement saying that it had “no indication that this outage has affected your data, including activity, payment or other personal information”. Companies that have backups can sometimes get away without paying the demanded ransom. However, those that do not have adequate backups have often faced ransom demands as high as $10MM. With this uptick in ransom demands, it will not be surprising if other big companies are targeted in the near future as well. Unlike smaller organizations that do not have the resources to pay high ransoms, bigger companies are often well-insured and can pay a lot more.
As Garmin’s services start coming back online, there is speculation that the company ended up giving in to the ransom demands in order to restore its services as quickly as it has. The interesting thing is that the U.S. Treasury Department imposed sanctions on Evil Corp for its involvement in a decades-long hacking campaign against a variety of large global corporations and other U.S. interests. As a result, it is nearly impossible for U.S.-based companies to pay ransoms to this hacker organization, as they are generally prohibited from transacting with sanctioned groups. This sets up a legal minefield for any company that considers paying a ransom to Evil Corp as a result of the WastedLocker ransomware. In this respect, the guess is that Garmin somehow did pay a ransom and may face some Treasury Department sanctions in the near future.
Getting back to the underlying point of this story: ransomware is certainly becoming a huge thorn in the side of corporations around the world. It is causing companies grief in terms of lost revenues from service disruptions, losses to reputation, potential data breaches, as well as losses from having to pay ransoms. The thing is that ransomware attacks such as these could be easily prevented through the use of a Detect and Block solution such as the Wedge Absolute Real-time Protection (WedgeARP) platform. Through a combination of patented Deep Content Inspection, orchestrated threat management and deep learning / machine learning, WedgeARP is able to stop all malware (including known, never-before-seen, APTs and zero-days) in real-time, BEFORE it can enter the network. If companies such as Garmin were to embrace the proactive Detect and Block approach to network security with a solution such as the one provided by Wedge, this attack could have been stopped before any damage occurred. To find out more about WedgeARP and the Detect and Block approach, contact our team at: info@wedgenetworks.com.