What we can learn from the ransomware attack on Garmin

Hacking of multi-million-dollar companies is big business and Garmin is the latest victim of a vicious ransomware attack. From July 23rd to July 27th Garmin users worldwide were unable to enjoy their software or update their activities online. Here’s what we know about the ransomware attack on Garmin and what we can learn from it.

Data encrypted but not compromised

For the first few days Garmin simply spoke of an outage. It has now been confirmed that they were victims of a ransomware attack. That means that all, or much, of Garmin’s data was encrypted by malware and that hackers asked for a hefty sum if Garmin wanted the data back.

Garmin finally confirmed that they had been victims of a ransomware attack on Monday July 27th. They also stated that user data was not impacted or accessed during the attack. The statement did not identify the ransomware by name, which is normal as an investigation is still underway. Garmin workers lost all contact with company servers, email, and online chats during the outage. Besides affecting avid runners and cyclists, the attack also affected flyGarmin services used by aircraft pilots.

Who done it?

Reportedly Garmin’s data was held ransom for 10 million USD after the paralyzing attack. Russian cyber criminal group Evil Corp (also known as the Dridex gang) is believed to have initiated the attack with their WastedLocker ransomware. Evil Corp has been sanctioned by the U.S. Treasury Department. This means that if Garmin paid their ransom it could be found to be breaking U.S. sanctions.

Ransomware demands can vary based on the size of the company and the scope of the breach. Often the demands are kept low to entice companies to simply pay up and get their data back safely and swiftly. This doesn’t seem to be the case for Garmin.

Evil Corp seems to have launched a new wave of ransomware attacks on American businesses recently. Attempts have been made on at least 31 major corporations, including eight Fortune 500 companies. The networks of these targeted organizations had been breached, and the malware was laying the groundwork for staging the ransomware attacks when it was detected. These numbers cover only the attacks detected by Symantec, so it is suspected that numerous other companies may have been affected.

How did this ransomware attack happen?

According to Symantec, which first identified the malware and raised the alert, Evil Corp’s WastedLocker malware is first downloaded onto an employee’s computer after the employee clicks a malicious software update window. Once it has been installed on the employee’s computer, the malware begins unlocking permissions on the remote corporate network the computer is connected to. It then proceeds to encrypt all data. Eventually it locks all members of staff out and demands ransom by putting a price on each file it has encrypted.

The software update window that initiates the entire process is a malicious JavaScript-based framework known as SocGholish. It could have come from any one of the 150 legitimate websites whose security Evil Corp has already breached. Therefore, it is imperative to never accept software updates directly from websites.

How to stop a ransomware attack?

The best countermeasure against a ransomware attack is first and foremost vigorous security awareness training of employees: teaching them never to open attachments or click links in emails without knowing exactly who they are from and what they entail. Employees should be trained to be suspicious of any email, even from known senders, as those senders might have been hacked too. They should also be trained to be wary of update suggestions from websites, as well as of software that websites ask them to set up for their browsers. Security awareness training should of course be in addition to regular virus protection. We recommend cloud-based malware detection and protection software that is updated frequently and automatically to detect evidence of the latest threats.

If a breach happens regardless of these security awareness measures, companies that make regular backups and store them on offline servers will bounce back quicker than others, with minimal loss of data or downtime. Backing up data is what separates the best from the rest.

How to train employees against a ransomware attack?

One of our security awareness videos explains how you can infect your computer with ransomware by downloading an update from an untrustworthy source. The best practices against ransomware are:

  • Keep a backup of your files and back up regularly
  • Do not install any software unless you know exactly what it is and does
  • Update your operating system and programs when prompted but NEVER run updates in a browser window

You can try our security awareness training software and videos for free. No commitment or credit card needed. We believe in our content and want to help you create a strong security culture within your business.
