
What we can learn from the Garmin ransomware attack

Avast Security News Team, 3 August 2020

How businesses and consumers alike can stay proactive against big hacks

Nearly two weeks after getting shut down by a ransomware attack, navigation and fitness giant Garmin’s systems are getting back to normal. As of late last week, users’ dashboards and workout data were up and running. Functionality for other services like third-party courses and daily summaries was still limited, but, for the most part, the threat has passed.

How Garmin solved the issue is unclear. The company isn’t saying whether it paid a ransom or troubleshot the problem itself. We may never know.

But we can learn a few things from one of the decade’s highest-profile ransomware attacks so far. Threats are out there – and they’re getting more ominous. Ransomware incidents can take down your business and hurt your brand. You need a detailed plan to react to these types of threats. And, as a consumer, you should redouble efforts to protect against hackers targeting you.

The rise of ransomware

In recent years, ransomware attacks have taken aim at strategic applications like industrial control systems and critical infrastructure such as oil refineries, gas pipelines and power grids. While Garmin is known primarily for its SmartWatch and other fitness apps, this latest attack shut down its flyGarmin and Garmin Pilot apps, grounding the company’s flight-planning mechanisms and updates to mandatory FAA aeronautical databases. This is concerning.

Although it hasn’t been confirmed, speculation about the hacking group’s identity is focusing on “Evil Corp.,” a Russia-based group allegedly behind dozens of ransomware attacks over the past decade. Multiple reports identify the ransomware strain as WastedLocker, which penetrates active defenses and encrypts files. This is harsh. What’s more, no cryptographic weakness has yet been identified in this ransomware, which means that there are no possible (free) decryption options. For this reason, it’s a real possibility that Garmin paid the ransom in order to obtain a working decryption key.

Ransomware can cause real damage

If you refuse to pay hackers’ demands, it can cost you. Norsk Hydro, a global aluminum producer, had files encrypted across its 22,000 computers in 40 countries. Rather than pay up, the Norwegian company shifted its 35,000 workers to pen and paper. A year later, the company has caught up, but it suffered tens of millions in damages.

Also worth noting is the technique known as doxing, which has been used by an increasing number of ransomware groups during the last year. In these cases, the attackers exfiltrate your files before encryption and blackmail you twice – first, they demand an initial payment for decrypting the files, then a second for not publishing them publicly. If you reject either of these demands, they threaten to publish the data or sell it on the dark web.

Nevertheless, experts say paying up can lead to more damage – both to your business and to society. Giving in will likely help finance new ransomware strains and support other criminal activities. Companies that pay also have no assurance they’ll get their information back.

You need to plan

With attacks on the rise, it’s crucial that you make ransomware prevention part of your digital life. You need to set up fallbacks or systems to switch over to in the event of a hack. You need to create a detailed security model to protect against outside attacks and respond quickly. This includes instituting technical controls and conducting extensive security awareness and training.

You also need to be transparent. Garmin took several days to disclose that its systems had been hit with a cyber attack. The company initially rejected reports that the incident was a ransomware attack but later confirmed that the WastedLocker variant had been involved. The lack of a quick explanation – and the inability to respond to calls, emails and online chats – left users angry and frustrated.

What can a consumer do?

As a consumer, you need to be aware that fitness apps like Garmin’s contain a lot of personal information. Watch what you share, and be cognizant of the information-sharing and security practices an app provider deploys.

On a personal note, there are steps people can take to prevent ransomware both at their companies and at home. These include the following:

  • Keeping antivirus software up to date
  • Being aware of pop-up installation requirements
  • Thinking twice before clicking on links
  • Not downloading apps from unknown sources
  • Backing up all important files on your device
  • Updating your operating system and your apps