Mitnick Security Blog - Cybersecurity News and Articles

An Overview of the 2020 Garmin Ransomware Attack

Written by Mitnick Security | Jul 31, 2020 6:30:00 PM

Last week, Garmin users experienced an outage in service as the result of a malicious cyber attack.

Let’s review the incident, looking at what the hackers did and how Garmin handled the situation, to glean valuable lessons.

What Happened?

Late Wednesday, July 22, into early Thursday, July 23, the sport and fitness technology brand Garmin fell victim to a disruptive ransomware virus.

The virus, referred to as WastedLocker, is believed to have been developed by a Russian hacker group called Evil Corp. It is an elite form of ransomware that encrypts the files of those affected, making them inaccessible and extremely hard to recover.

After Evil Corp breached Garmin’s corporate networks, they seized control of all the files on the system and demanded to be paid a ransom of $10 million to decrypt the compromised data. 

As a result of the attack, Garmin experienced an outage of its website and Garmin Connect, locking Garmin customers out of most of the functionality of the brand’s online services and its application. Customers were unable to log their fitness sessions or access their health data on their smartwatches or phones, pilots were unable to download flight plans to navigate their aircraft per FAA requirements, and Garmin’s communications systems were offline, affecting customers with questions about the sudden connectivity issues.

Instead of clearly communicating that the trouble was the result of a cyber attack, Garmin issued the following statement, per TechCrunch:

It wasn’t until days later that Garmin announced it was "the victim of a cyber-attack that encrypted some of our systems," according to the BBC.

As of the publication of this article, Garmin is in the recovery process, providing “limited” access to its tools. The fitness provider has still made no public statement indicating that it was a ransomware attack, nor whether it paid the amount demanded to regain access to its systems.

What this Means for Garmin Customers

Customers still do not have full access to their Garmin features, and many are concerned about the safety of their private data at the hands of malicious cyber criminals.

The company issued a statement saying, "We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen." But as Brett Callow, a cyber security researcher at Emsisoft, told Sky News, "Absence of indication is not indication of absence."

A growing number of Garmin customers are still on edge, waiting to see how this compromise may affect each individual. The hacking group, Evil Corp, is infamous for selling acquired credentials on the dark web, and the security of customers’ credit card information, identifying fitness metrics like weight, gender, age, etc., and other stolen data is still uncertain.

There’s still no indication of how exactly Evil Corp gained access into Garmin to begin with, but this type of compromise is often a result of social engineering exploits. 

A Quick Look at Ransomware

You’ve heard of malware, but what exactly is ransomware? If a hacker infects your computers with malware, they have a number of options. They could comb through your data in secret, stealing private information to sell to other bad actors or to use for their own nefarious activity, like digging deeper into your systems to find even juicier data.

Ransomware, however, is a public affair. It’s a type of malicious software that encrypts a user’s computer or device, sending the user a blatant message telling them their system has been compromised. The criminals lock the user out and demand a ransom payment, often ranging from thousands to millions of dollars, in exchange for access to the network’s or device’s data. The payment is typically demanded in cryptocurrency so that it’s more difficult to track.

This form of malware is a popular attack vector for bad actors targeting government agencies, banks, medical facilities, and similar groups that need instant access to locked information, and which are often forced to pay up or else face serious reputational and financial repercussions. It’s also a method hackers use on corporations with extremely sensitive information, like law firms, as well as organizations with smaller security teams, which hackers know are easy targets.

There’s still speculation about why this type of malware attack was used on Garmin, and obvious concerns about what will happen to the compromised data moving forward.

A Notorious Year for Cyber Threats

With this Garmin breach occurring just days after the large-scale 2020 Twitter scam, it’s safe to say that 2020 has been a big year for cyber attacks.

More employees are working from home in light of coronavirus concerns, and hackers are coming up with creative ways to breach corporate security remotely. Educate your team on the dangers of social engineering attacks by reading and sharing our post.

Now is also an incredibly relevant time to assess your company’s current cyber security with a professional penetration test. Learn more about why corporations from across the world revere Kevin Mitnick and his Global Ghost Team as the ultimate security testers by learning about The Mitnick Advantage.