What We Can Learn From the 2020 Ransomware Attack On Garmin

Guðrún Vaka Helgadóttir
5 min read ∙ Jul 28, 2020

Hacking multi-million-dollar companies is big business, and Garmin is the latest victim of a vicious ransomware attack. From July 23rd to July 27th, Garmin users worldwide could not enjoy their software or update their activities online. Here’s what we know about the ransomware attack on Garmin and what we can learn from it.

Data Encrypted But Not Compromised

For the first few days, Garmin spoke of an outage. It has now been confirmed that there was a ransomware attack on Garmin. That means that all, or much, of Garmin’s data was encrypted by malware and that hackers asked for a hefty sum if Garmin wanted the data back.

On Monday, July 27th, 2020, executives finally confirmed that a ransomware attack on Garmin had taken place. They also stated that user data was not impacted or accessed during the attack. The statement did not identify the ransomware by name, which is expected as an investigation is still underway. During the outage, Garmin workers lost all contact with company servers, email, and online chats. Besides affecting avid runners and cyclists, the attack also affected flyGarmin services used by aircraft pilots.

Who is Responsible for the Ransomware Attack on Garmin?

A report on the ransomware attack on Garmin says that Garmin’s data was held for a ransom of 10 million USD after the paralyzing attack. Russian cybercriminal group Evil Corp (also known as the Dridex gang) is believed to have initiated the attack with their WastedLocker ransomware. The U.S. Treasury Department has sanctioned Evil Corp. This means that if Garmin paid its ransom, it could be found to be breaking U.S. sanctions.

Ransomware demands can vary based on the company’s size and the breach’s scope. Often the demands are kept low to entice companies to pay up and get their data back safely and swiftly. This doesn’t seem to be the case for Garmin.

Evil Corp seems to have recently launched a new wave of ransomware attacks on American businesses. Attempts have been made on at least 31 major corporations, including eight Fortune 500 companies. The networks of these targeted organizations had been breached, and the malware was laying the groundwork for staging the ransomware attacks when it was detected. These numbers only cover attacks detected by Symantec, so it is suspected that numerous other companies may have been affected by these attacks.

How Did The Ransomware Attack on Garmin Happen?

According to Symantec, which first identified the malware and raised the alert, Evil Corp’s WastedLocker malware is first downloaded onto an employee’s computer after the employee clicks a malicious software update window. Once installed on the employee’s computer, the malware begins unlocking permissions on the remote corporate network the computer is connected to. It then proceeds to encrypt all data. Eventually, it locks all staff members out and demands ransom by putting a price on each encrypted file.

The software update window that initiates the entire process is a malicious JavaScript-based framework called SocGholish. It could have come from any one of the 150 legitimate websites whose security Evil Corp has already breached. Therefore, it is imperative never to accept software updates directly from websites.
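As an added example (not from the original article or from Symantec's report), the sketch below shows one way a defender could look for this pattern in web proxy logs: runnable downloads named like an update but served by hosts that are not known update sources. The log format, the host names and the trusted-host list are constructed assumptions.

```python
"""Flag 'software update' downloads served by sites that are not update sources."""
import re
from urllib.parse import urlparse

# Assumption: hosts this organisation accepts as genuine update sources.
TRUSTED_UPDATE_HOSTS = {"updates.browser-vendor.example", "patch.os-vendor.example"}
# File types that can run code, or carry a script, when the user opens them.
RISKY_EXT = (".js", ".jse", ".hta", ".exe", ".msi", ".zip")
UPDATE_WORDS = re.compile(r"update|upgrade|installer|setup", re.IGNORECASE)

# Constructed sample lines: time, workstation, method, URL, content type.
SAMPLE_LOG = """\
2020-07-20T09:14:02Z ws-114 GET https://updates.browser-vendor.example/stable/browser_update.exe application/octet-stream
2020-07-20T09:31:47Z ws-207 GET https://news.regional-paper.example/wp-content/Browser.Update.zip application/zip
2020-07-20T09:32:10Z ws-207 GET https://news.regional-paper.example/article/weekend-races text/html
2020-07-20T10:05:33Z ws-052 GET https://cdn.shop.example/assets/app.min.js application/javascript
2020-07-20T10:41:09Z ws-311 GET https://blog.travel.example/files/Browser_Upgrade.JS text/plain
"""


def suspicious_update_downloads(log_text, trusted=TRUSTED_UPDATE_HOSTS):
    """Return (time, client, host, filename) for update-like downloads
    that did not come from a trusted update host."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # blank or malformed line
        ts, client, _method, url, _ctype = parts
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        filename = parsed.path.rsplit("/", 1)[-1]
        if not filename.lower().endswith(RISKY_EXT):
            continue  # ordinary page or asset
        if not UPDATE_WORDS.search(filename):
            continue  # runnable file, but not presented as an update
        if host in trusted:
            continue  # real update channel
        findings.append((ts, client, host, filename))
    return findings


if __name__ == "__main__":
    for ts, client, host, filename in suspicious_update_downloads(SAMPLE_LOG):
        print(f"{ts} {client}: '{filename}' offered by {host} (not an update source)")
```

A hit identifies the workstation to check first; the filename patterns and allowlist would need tuning to the organisation's real update channels.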

How To Stop a Ransomware Attack

The best countermeasure against ransomware attacks is, first and foremost, vigorous security awareness training of employees. This means teaching them about phishing emails and never to open attachments or click links in emails without knowing precisely who they are from and what they entail. Employees should be trained to be suspicious of any email, even from known senders, as they too might have been hacked. They should also be trained to be wary of update suggestions from websites, as well as of software that websites ask them to set up for their browsers.

Security awareness training should, of course, be in addition to regular virus protection. We recommend cloud-based malware detection and protection software that is updated frequently and automatically to detect evidence of the latest threats.

If a breach happens regardless of these security awareness measures, companies that make regular backups and store them on offline servers will bounce back quicker than others with minimal data loss or downtime. Backing up data is what separates the best from the rest.

How To Train Employees Against a Ransomware Attack

One of our security awareness videos explains how you can infect your computer with ransomware by downloading an update from an untrustworthy source. The best practices against ransomware are:

  • Keep a backup of your files and back up regularly
  • Do not install any software unless you know exactly what it is and does
  • Update your operating system and programs when prompted but NEVER run updates in a browser window

You can try our security awareness training software and videos for free. No commitment or credit card is needed. We believe in our content and want to help you create a strong security culture within your business.
