Garmin, a U.S. multinational technology company, was hit with a destructive ransomware attack in July 2020. The company, a big player in the industry for GPS fitness smartwatches and GPS navigation systems, was forced to shut down its website to protect any data from being lost.
This attack is significant because it not only inconvenienced users of Garmin fitness watches, who could not track their mileage, it also disabled Garmin GPS used for aviation and boat navigation. No known accidents occurred as a result of the system being down, but this ransomware attack is a reminder that hackers have the ability to disrupt critical infrastructure, which could pose a dangerous national security risk.
According to multiple news outlets, Garmin ended up paying an estimated $10 million ransom in order to obtain the decryption key and restore its data. The malware that struck the company is known as “WastedLocker,” a program linked to Evil Corp, a Russian-based criminal group.
What is WastedLocker?
WastedLocker is a ransomware tool that has the ability to encrypt data across a business’s digital infrastructure. At the time of the attack, Garmin users expressed their concerns on Twitter, noting that website functions were down, customer support was minimal and many applications were malfunctioning. Many forms of malware will hold key information for ransom. Not this one, though. WastedLocker doesn’t steal personal information, but rather ruins the functionality of programs until the decryption key is retrieved. Most of the attacks performed with this malware target specific organizations.
What Was The Result?
In an unprecedented response, according to news sources, Garmin broke U.S. sanctions in order to protect its company by paying the estimated $10 million in ransom. Crucial players in this exchange were third-party negotiators who acted as intermediaries between the hackers and the victims. Although not confirmed by the company, it appears that Garmin paid a third-party group based in New Zealand to help combat the malware attack and pay the ransom. That company operates under New Zealand law, which does not restrict this type of ransom payment. Garmin declined to comment on this development. Experts advise against paying ransoms because it can embolden hackers and further compromise networks and infrastructures.
What We Learned From This Attack
There is a lot to take away from the Garmin ransomware attack. An attack on a company as large and successful as Garmin teaches us that no one is safe. Businesses and individuals can never be too careful when it comes to combatting hackers. Hackers are able to find loopholes in the network that provide them with an easy way in. That’s why it’s important to keep systems updated and enforce strict security measures. Malware attacks are timed and targeted. Companies that tend to have large revenue and sensitive data are more vulnerable to such attacks, and Garmin is an example of this type of company.
Furthermore, these attacks can have an impact on a company’s reputation as well as cause significant financial damage. The Garmin ransomware attack also teaches us that hackers have the most control when customer operations are in jeopardy. According to many customers, their connected devices malfunctioned and were not able to perform the tasks they’re built to do. When an attack like this happens, companies look for the most immediate way to resolve the issue and resort to paying large ransoms as a “cost of doing business.”