Once again, a massive ransomware attack causes a global outage. Garmin, a sport and fitness tech giant reportedly paid millions of dollars in ransom after shutting down from the attack. The attack put Garmin’s wearables, apps, websites, and call centers offline for several days. The payment was presumed to be around $10M.
Several sources have confirmed that WastedLocker ransomware was to blame for the attack. Evil Corp, a known Russian-based hacker group, reportedly operates WastedLocker. Garmin declined to explain the specific cause of the attack but reportedly negotiated with Evil Corp to restore their service. Garmin paid the ransom through a ransomware negotiation company called Arete IR. According to BleepingComputer, Garmin received a decryption key to access data encrypted by the virus.
Last December, Evil Corp was placed under sanctions by the U.S treasury, which prohibits any individual from the U.S from engaging in any transactions with them. By imposing these sanctions, it makes it nearly impossible for U.S based companies to pay the ransom without breaking any laws. BleepingComputer reports that Garmin paid the ransom due to the lack of known weaknesses in the WastedLocker virus code. If this statement is accurate, Garmin could be in hot water from a legal perspective and face fines and sanctions from the U.S. government.
With ransomware attacks increasing, companies need to make significant upgrades in their defense and response preparation. Several sources predict that WastedLocker does not yet appear to be able to have the capability to steal or exfiltrate data before encrypting the victim’s files. Encrypt in-place attacks such as this are much easier to recover. Organizations need the ability to re-image machines and roll-back to a known safe backup and recovery data state. The penalty for not being able to roll back to a secure data state is up to $10M.
With SecureCircle, companies can also protect against releasing data to the public extortion ransom demands. Unauthorized users can never access data protected by SecureCircle, so hackers will not be able to access the contents even if they obtain the protected files. SecureCircle recommends companies do not pay ransoms. There are no guarantees payments will return your data. Paying a ransom makes companies targets for additional ransom attacks. Instead, companies should prevent ransomware attacks with SecureCircle.