On Thursday, July 23rd, Garmin started sending out a notice to its users that the company was experiencing an outage. A ransomware attack took down Garmin’s websites, apps, internal communications, customer support services and, critically, the Garmin hardware, software and databases that are actively used for aerospace and even maritime navigation, for 5 days.
A Russian hacking group known as Evil Corp is responsible for the attack. The particular strain of ransomware, called “WastedLocker”, was discovered in May of this year and has so far been used against 31 organizations that we know about. Unlike general ransomware attacks, WastedLocker deploys a far deeper technique that capitalizes on cyber security lapses to ensure that the ransom encryption takes longer, and at times becomes impossible, for companies to fight against. Evil Corp’s strategy typically also involves affecting the backup infrastructure of companies. This increases the recovery time for the victim or, in some cases where offline or offsite backups are unavailable, prevents recovery altogether.
This attack could have been much, much worse if the attackers had targeted the aerospace and maritime systems in particular. It seems the attackers, at least for now, were mostly targeting the Garmin Connect system.
Our concern with this particular attack is that, due to its success, many more will use the same methods and take them further, potentially exfiltrating user data or attacking the aerospace and maritime navigation systems. This would increase the number of those affected and potentially have fatal consequences for the victims.
Drew the “Binary Blogger” explains the Garmin ransomware attack and the potential danger of future attacks in the Security In Five podcast. Take a listen!