Garmin, producer of smartwatches, fitness bands, and other wearable devices, became the victim of a ransomware attack on July 23, 2020. Although Garmin initially tweeted that the interruption was caused by a technical issue with its services, the company later confirmed in a press release that it had fallen victim to a cyberattack.
On July 23, Garmin started to see disruptions in its call centers and email communications. Later, since the issue had not been resolved, the company was forced to shut down several of its services, including Garmin Connect, Garmin Express, and Garmin.com. As a result, millions of users were denied access to the company's cloud services.
Many suspect that Garmin was infected with WastedLocker, a ransomware variant that’s been linked to Evil Corp, a Russian cybercriminal group. Attackers wielding WastedLocker reportedly demand up to $10 million in ransom, but Garmin has not confirmed the demands it faced.
Like many other cyberattacks, this ransomware attack could have been carried out by sending a malicious email, dropping malicious attachments to be used later for privilege escalation, and then moving laterally within the network to install ransomware on multiple systems. As per reports from SentinelOne, this ransomware is named WastedLocker and it's quite new, having been on the internet for only a few months. WastedLocker has been used to target high-profile industries.
WastedLocker uses JavaScript to deliver its payload disguised as a system update, then uses UAC bypass techniques to obtain elevated privileges, which lets it run Cobalt Strike, a penetration testing toolkit, to move laterally within the network.
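As an added illustration of what those two stages look like from the defender's side (example code written for this post, not the original article's code and not Garmin's logs), the Python below scans constructed Sysmon-style process-creation events for a script host running a fake "update" .js from a user-writable folder, and then for a High-integrity process descended from that Medium-integrity script host, which is the process lineage a UAC bypass leaves behind. The event field layout, the file naming and the integrity-level strings are assumptions for the sample data.

```python
import re

# Constructed, simplified process-creation events (Sysmon Event ID 1 style),
# sample data written for this example, not logs from the Garmin incident.
SAMPLE_EVENTS = """\
pid=100 ppid=1 image=C:\\Windows\\explorer.exe cmd="explorer.exe" integrity=Medium
pid=200 ppid=100 image=C:\\Program Files\\Browser\\browser.exe cmd="browser.exe" integrity=Low
pid=300 ppid=100 image=C:\\Windows\\System32\\wscript.exe cmd="wscript.exe C:\\Users\\alice\\Downloads\\System.Update.js" integrity=Medium
pid=400 ppid=300 image=C:\\Windows\\System32\\cmd.exe cmd="cmd.exe /c whoami" integrity=High
pid=500 ppid=100 image=C:\\Windows\\System32\\cscript.exe cmd="cscript.exe C:\\Scripts\\inventory.js" integrity=Medium
"""

EVENT_RE = re.compile(r'pid=(\d+) ppid=(\d+) image=(.+?) cmd="([^"]*)" integrity=(\w+)')
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Locations a browser-delivered "update" lands in, and the naming it imitates (assumed).
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData)\\|\\Temp\\", re.IGNORECASE)
FAKE_UPDATE_JS = re.compile(r"[^\s\"]*update[^\s\"]*\.js\b", re.IGNORECASE)


def parse_events(text):
    """Parse log lines into dicts with pid, ppid, image, cmd, integrity."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            pid, ppid, image, cmd, integrity = m.groups()
            events.append({"pid": int(pid), "ppid": int(ppid), "image": image,
                           "cmd": cmd, "integrity": integrity})
    return events


def detect(events):
    """Return (pid, rule) findings for the two stages described in the post."""
    by_pid = {e["pid"]: e for e in events}
    findings, suspicious = [], set()
    # Stage 1: a script host running a .js named like an update from a user-writable dir.
    for e in events:
        exe = e["image"].rsplit("\\", 1)[-1].lower()
        if exe in SCRIPT_HOSTS and FAKE_UPDATE_JS.search(e["cmd"]) and USER_WRITABLE.search(e["cmd"]):
            findings.append((e["pid"], "fake-update-script"))
            suspicious.add(e["pid"])
    # Stage 2: a High-integrity descendant of a Medium-integrity flagged script host,
    # the lineage a UAC bypass leaves when no consent prompt sits in between.
    for e in events:
        parent = by_pid.get(e["ppid"]) if e["integrity"] == "High" else None
        while parent is not None:
            if parent["pid"] in suspicious and parent["integrity"] == "Medium":
                findings.append((e["pid"], "uac-bypass-chain"))
                break
            parent = by_pid.get(parent["ppid"])
    return findings
```

Running `detect(parse_events(SAMPLE_EVENTS))` flags pid 300 for the fake-update script and pid 400 for the elevation chain, while the legitimately scheduled inventory script (pid 500) is left alone.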
As per reports from the BBC, a few of Garmin's services are back online after going down on July 23. Despite Garmin's services being significantly interrupted, Garmin has not yet confirmed that it was a ransomware attack. Garmin has stated that its customers' personal data is safe and that no information was leaked or stolen during the cyberattack.
While the company's services are back online, it is still not clear whether Garmin paid the millions of dollars the attackers may have demanded. US authorities were already investigating as this blog was being drafted. Considering that Garmin stores are located in California, New York, and Europe, if there is any indication that users' personal data was stolen or leaked during this attack, Garmin could face penalties under the CCPA, the SHIELD Act, and the GDPR.
Educate your employees about phishing and social engineering attacks, as these have become some of the key points of entry for malware threats. Always patch your devices, applications, and network touchpoints to avoid being an easy target.
Ensure your remote devices are up to date and have been vetted under a Zero Trust policy. Employ device security, data security, and application security procedures to keep your defenses strong and reliable.