Running a business poses many challenges, and while all need to be taken seriously, some are of greater importance than others. If, for instance, your company has cash flow problems, that’s urgent. In fact, it’s why 82% of small business failures occur. Just as urgent but more invisible to the naked eye is security. Security needs to be a top priority for any business because, like it or not, you’re already under attack. Cybercriminals don’t wait around. They don’t ask politely to see if you’re ready before they start sending phishing emails and trying to compromise your employees’ accounts. They also have no issue holding your systems hostage. Unfortunately, Garmin found this out firsthand.
Ransomware is one of the most aggressive, frustrating, and crippling attacks a business can face, especially if you don’t have the tools to prevent or stop it. Ransomware is a type of malware that affects a person’s computer or systems and threatens to publish their data or block access to it until a ransom is paid. Typically, a link is provided to an online cryptocurrency wallet. Once the ransom is paid, the person’s data is released...or so the criminals say. They’re criminals, so you can never truly take them at their word.
While the focus of this blog is on Garmin, it’s important to remember that they are not the only ones being affected. Anyone can fall victim to ransomware, so you must be sure your data is protected.
But let’s get to Garmin. Garmin is an American multinational technology company that produces devices that use a Global Positioning System (GPS).
Recently, they dealt with a massive service interruption. While this was initially explained away as maintenance, people grew suspicious as users reported outages that lasted up to twelve hours. Red flags went up, and some believed that ransomware was to blame. A Taiwanese news site claims that Garmin IT staff sent around an internal memo warning that their servers had been compromised. Many suspect ransomware was the culprit.
If you head over to Garmin’s website, you will see an updated announcement explaining what happened.
“Garmin Ltd. was the victim of a cyber-attack that encrypted some of our systems on July 23, 2020,” the announcement explains. “As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications.”
Garmin says they took immediate action to “assess the nature of the attack” and start remediation.
This outage affected their phone systems as well as their email and chat servers, website, and mobile app. The good news, according to them, is that access to online services was the only entity affected during the incident.
“We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen,” claims the website.
Some reports claim that a ransomware called WastedLockerwas used for this attack against Garmin’s servers. It is believed that this new strain of ransomware originated with Evil Corp, an international cybercrime network that uses malicious software to steal from companies.
WastedLocker was designed to be customizable based on the target a criminal is attacking. Attackers can identify the victim’s defenses and use this feature to adapt.
Ransom demands from WastedLocker attacks can climb to millions of dollars' worth of cryptocurrency.
In Garmin’s announcement to the public, they carefully avoided any language indicating that a ransom had been demanded or that a ransom had been paid. While the facts are unclear for now, one thing is undoubtedly true: becoming the victim of a ransomware attack is embarrassing. No business wants to admit that it happened to them. If Garmin did fall victim to ransomware, expect them to keep their lips sealed as long as they can.
If no data were compromised (as Garmin claims), then this hack is still a bad look for the company, and it will hopefully lead to constructive changes to their security tools and practices. If, however, any information—potentially including Garmin’s aviation database, mapping and tracking solutions, and customer payment information—was stolen or accessed, then suddenly these attacks become much more serious than a dozen hours of downtime. They would then need to take additional steps to mitigate the effects to their and their customers’ assets.
If ransomware were involved, as many suspect it was, how much would Garmin have paid a hacker to restore their files and/or functionality? It’s hard to know for sure, but it easily could have stretched to a million dollars or more. Ransom or no ransom, this incident undoubtedly caused the American tech company a lot of headaches.
Use this as a lesson. Make sure your servers are protected and up to date. And if you need help with that, look to a managed service provider (MSP). An MSP can help your company with data backups to the cloud, the best defense against ransomware. Routinely backing up your systems to a secure, external server lets you reboot to a previous state before a criminal infected you with malware. They can’t touch the backups, so you don’t lose your data—and you can forget about paying any ransom.