Published: August 12, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Have you recently felt like your Garmin navigation system left you lost, or that it just decided to go offline and take its own road trip? Well, you’re not wrong. The technology company that provides navigation systems, fitness trackers, aviation software, and more was recently hit by an aggressive ransomware attack. The company’s website and systems, as well as its call centers, emails, and online chats, were offline for several days so it could deal with the situation.
According to Forbes, the ransomware is believed to be WastedLocker, and the group responsible was likely Evil Corp. (which is also known as the Dridex gang). They were not shy about the amount of money they wanted from Garmin: by some reports, it’s $10 million in order for them to free up the data.
Garmin reports that no user data was impacted in the attack and that the inReach SOS and messaging services were not impacted by the outage.
As of writing, Garmin has been getting services back online one by one, and that process continues. However, it’s not definitively known whether the ransom was paid or whether the company had proper backup procedures in place to restore the information. It’s also not known at this time how the ransomware made it into the network in the first place. However, the suspicion is that it started in one of the Taiwan factories, causing production lines to be shut down for two days on July 24th and 25th. If that is the case and Garmin paid the ransom, it may have put itself in a tricky spot, as the U.S. Treasury Department sanctioned Evil Corp., and by paying it, Garmin would be violating those sanctions. A recent report by Bleeping Computer claims that Garmin must have paid a ransom, because a decryption script was found on some devices, apparently applied in the last week of July.
Blackbaud, a cloud services provider, was also recently hit with ransomware. In that case, the attackers actually got ahold of the data. Blackbaud chose to make a deal with the attackers where they’d pay the demand if the attackers promised to destroy the data they took. While they did get their systems restored, it’s not a good plan to pay a ransom demand. Instead, good backups would have saved them from paying off a criminal.
At some point, it may be known how ransomware got into both networks, but for now, it’s not a bad guess that it very well could have been through phishing. Training employees how to spot these attempts and how to thwart them is the best way to prevent such things from happening to any organization. In addition, keep up-to-date backups at the ready so data and systems can be restored quickly, and no money needs to leave the company bank account.