On July 27th, Garmin confirmed that it had been the victim of a cyber attack, which began on July 23rd. The attack affected Garmin’s wearables, apps, website, and even shut down its call centers for several days. In a statement made last week, Garmin said there was no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen and the functionality of Garmin products was not affected. The only damage was to services which were taken offline.
If you are reading this, and think this isn’t a big deal, keep reading. Below are the 3 reasons why the Garmin ransomware attack is a big deal.
1. Big business, bigger payout
With regards to customer data, it seems Garmin got off easy. It has been reported by various sources, including Bleeping Computer and SkyNews, that Garmin has paid the hackers $10 million for the decryption key. Which, considering how quickly they seem to have put their systems back together, it looks very likely that is what they did. SkyNews reported that Garmin used ransomware-negotiation business Arete IR. For a company the size of Garmin to be forced to pay such a big ransom, it means trouble for smaller organizations. What hope would your small business have to defend against a similar attack?
2. More legal troubles
Garmin was hit by a relatively new strain of ransomware called WastedLocker. Wastedlocker is linked to Russian Evil Corp malware dynasty. According to Wired, “the hackers behind Evil Corp allegedly used banking-focused malware to pilfer more than $100 million from financial institutions, as outlined in a Department of Justice indictment last year.” Threatpost reports that The U.S. Treasury Department issued sanctions against Evil Corp, which state that “U.S. persons are generally prohibited from engaging in transactions” with Evil Corp or any of its individual members. This means that if it is proven that Garmin and Ariete IR paid the hackers for a decryption key, both companies could be in serious legal trouble with the U.S. Government.
3. No free decryption tools available
ZdNet has recently reported about the success of the No More Ransom project. No More Ransom provides free decryption tools for ransomware and has been growing ever since, now consisting of 163 partners across cyber security, law enforcement bodies, financial services and more. While the No More Ransom project is great, with Wastedlocker being a new type of malware, there is currently no freely available tool to decrypt files.
The other issue for many organizations currently has been not just the encrypting of files, but the fact that hackers have also stolen some of the data and threaten to release it publicly if payment isn’t made. While it doesn’t appear that any of Garmin’s data was stolen, businesses like yours need to be aware of these types of threats. Even if you have a free decryption key, or have kept reliable data back-ups, the threat of stolen data being exposed is troublesome. Once the data is in the hands of criminals, there is no telling how that information may be used or when. Even if you do pay a ransom to keep the hackers from exposing it.
There are some steps that businesses can take to help prevent being infected with ransomware. Those include:
- Keeping antivirus software up to date
- Thinking twice before clicking on links
- Downloading apps only from Google play store or Apple Store
- Backing up all important files
- Regularly updating your operating system and your apps
If you are struggling with the challenge of keeping your data safe, contact Uzado today. Uzado can help better secure your organization against the threat of cyber attacks.