A recent ransomware attack on Garmin is the latest example of how complicated these exploits are becoming.
Cybercriminal attacks of all types have been on the rise over the past months as hackers pounce on the vulnerabilities exposed by Covid-19 for personal gain.
Ransomware incidents have pushed already desperate situations even further. For instance, they’ve forced hospital systems to pay fees in order to continue operating life-saving medical equipment. One apparent takeaway from these incidents? The groundwork has long been in place for such attacks. Hackers have simply been waiting for the right moment to strike.
In other industries, the impact of ransomware might not mean the difference between life or death. But without precautions, the path to resolution could be onerous … and in some cases, these attacks could be financially catastrophic.
The Garmin Ransomware Attack
Sport-tech firm Garmin was hit by a ransomware attack on Wednesday, July 22, and the company was still suffering from global outages on Garmin.com and Garmin Connect into the following week. Core features of the company’s navigational and smart tech products were out of operation to its massive user base for days, and even now, some of its features have a few limitations as Garmin recovers.
Sources claim that WastedLocker ransomware was used for the attack. They’ve pinned the blame on Evil Corp, which is a hacking syndicate loosely tied to the Russian government. There’s a small positive because of that: Users can be relatively confident that their data hasn’t been compromised. That’s because WastedLocker reportedly can’t extricate the data of affected users before encrypting it.
Also, “That means companies with backups may be able to escape paying the ransom,” TechCrunch writes, though companies without backups could be forced to pay up to $10 million if they’re hit by the WastedLocker ransomware.
That Garmin struggled with the breach for so long hinted at the possibility that the company hadn’t made the appropriate backups. On Tuesday, July 28, Sky News said Garmin received a decryption key, but its sources said Garmin “did not directly make a payment to the hackers.”
That wording nods to a potentially complicated legal road ahead. The U.S. government has enacted sanctions prohibiting citizens from carrying out transactions with Evil Corp members, TechCrunch writes. So if Garmin, or any company in a similar situation, pays such a fee, they could face legal repercussions.
A logical takeaway for other companies? Foregoing proper backups is a chance you shouldn’t take – as is underestimating the threat to ransomware.
If you think your organization needs to bolster its defense, don’t wait another day. Contact Lunarline and see what we can do for you.