Hacking multi-million-dollar companies is big business, and Garmin is the latest victim of a vicious ransomware attack. From July 23rd to July 27th, Garmin users worldwide could not enjoy their software or update their activities online. Here’s what we know about the ransomware attack on Garmin and what we can learn from it.
Data Encrypted But Not Compromised
For the first few days, Garmin spoke of an outage. It has now been confirmed that there was a ransomware attack on Garmin. That means that all, or much, of Garmin’s data was encrypted by malware and that hackers asked for a hefty sum if Garmin wanted the data back.
On Monday, July 27th, 2020, executives finally confirmed that a ransomware attack on Garmin had taken place. They also stated that user data was not impacted or accessed during the attack. The statement did not identify the ransomware by name, which is expected as an investigation is still underway. During the outage, Garmin workers lost all contact with company servers, email, and online chats. Besides affecting avid runners and cyclists, the attack also affected flyGarmin services used by aircraft pilots.
Who is Responsible for the Ransomware Attack on Garmin?
A report on the ransomware attack on Garmin says that Garmin’s data was held for ransom for 10 million USD after the paralyzing attack. Russian cybercriminal group Evil Corp (also known as the Dridex gang) is believed to have initiated the attack with their WastedLocker ransomware. The U.S. Treasury Department has sanctioned Evil Corp. This means that if Garmin paid its ransom, it could be found to be breaking U.S. sanctions.
Evil Corp seems to have launched a new wave of ransomware attacks on American businesses recently. Attempts have been made on at least 31 major corporations, including eight Fortune 500 companies. The networks of these targeted organizations had been breached, and the malware was laying the groundwork for staging the ransomware attacks when it was detected. These numbers cover only the attacks detected by Symantec. It is therefore suspected that numerous other companies may have been affected by these attacks.
How Did The Ransomware Attack on Garmin Happen?
According to Symantec, which first identified the malware and raised the alert, Evil Corp’s WastedLocker malware is first downloaded to an employee’s computer after the employee clicks a malicious software update window. Once installed on the employee’s computer, the malware begins unlocking permissions on the remote corporate network the computer is connected to. It then proceeds to encrypt all data. Eventually, it locks all staff members out and demands ransom by putting a price on each encrypted file.
It is imperative to never accept software updates from websites.
How To Stop a Ransomware Attack
The best countermeasure against ransomware attacks is, first and foremost, vigorous security awareness training of employees. This means teaching them about phishing emails and never to open attachments or click links in emails without knowing precisely who they are from and what they entail. Employees should be trained to be suspicious of any email, even from known senders, as they too might have been hacked. They should also be trained to be wary of update suggestions from websites, as well as of software that websites ask them to set up for their browsers.
Security awareness training should, of course, be in addition to regular virus protection. We recommend a cloud-based malware detection and protection software that is updated frequently and automatically to detect evidence of the latest threats.
If a breach happens regardless of these security awareness measures, companies that make regular backups and store them on offline servers will bounce back quicker than others with minimal data loss or downtime. Backing up data is what separates the best from the rest.
How To Train Employees Against a Ransomware Attack
One of our security awareness videos explains how you can infect your computer with ransomware by downloading an update from an untrustworthy source. The best practices against ransomware are:
- Keep a backup of your files and back up regularly
- Do not install any software unless you know exactly what it is and does
- Update your operating system and programs when prompted but NEVER run updates in a browser window
You can try our security awareness training software and videos for free. No commitment or credit card is needed. We believe in our content and want to help you create a strong security culture within your business.
Sign up for a free trial of AwareGO to find out if our security awareness videos, Human Risk Assessment and training platform fit your needs for cybersecurity training.