3 Things We Can Learn from Garmin’s Ransomware Attack

By Dylan Redekop
September 14, 2020

Posted in Cyber Security

Clearbridge helps businesses with more than just tips to protect you from ransomware attacks. We help by leading your digital strategy efforts through investments in technology. Connect with us to learn more about how Clearbridge can help your business by clicking here. Talk soon!

garmin ransomware attack 3 things we can learn

What Happened? 

Garmin is a well-known brand and a significant player in the fitness, navigation, avionics and marine space. Garmin employs over 13,000 people in 8 countries around the globe, and has exceeded $3 billion in revenues over the past 4 years.  

Despite being a global, multi-billion dollar company, Garmin recently had its data hacked and held for ransom by a suspected Russian hacker gang by the name of EvilCorp. 

Some of Garmin’s systems were compromised and data was held at ransom for a reported $10 million. Garmin’s entire ecosystem was “down” for a number of days leaving its customers in the dark while the hackers had the data locked away using a ransomware strain known as WastedLocker.  

Garmin shut down its call centres and services on July 23, 2020 but kept quiet while they negotiated the attack. Services began to slowly return to normal 4 to 5 days later, though some systems took several days longer. 

Garmin hired Arete IR to negotiate with the hackers and complete the ransom payment. Garmin did not pay EvilCorp a ransom directly. No actual figure for the payment has been disclosed. Reports are that the initial ransom amount was $10 million. Once the funds were transferred through the ransomware security firm, they acquired the encryption key to unlock their systems and data. 

Why Garmin?

As Garmin’s customer data is the lifeblood of their business, EvilCorp knew that infiltrating their systems to encrypt their data would cripple Garmin and force their hand to pay a ransom. 

Knowing full well the company’s revenues (Garmin is a public company with over $3 billion in revenues in 2019 and close to $700 million in net income for 2018), EvilCorp was able to confidently demand a hefty ransom knowing Garmin would have the funds to pay it. Not to mention, many large-scale companies like Garmin are typically well-insured for situations like this. 

How Did They Gain Access?

EvilCorp used WastedLocker—a new strain of ransomware—to encrypt Garmin’s network once they had successfully infiltrated their system. Though nothing has been officially confirmed, these types of data breaches most often occur through social engineering attacks, where an employee is fooled or misled into divulging sensitive information or permitting access to systems and data. 

3 Things We Can Learn From the Garmin Data Breach

  1. Ransomware attacks can happen to companies of any size. The successful attack on Garmin goes to show larger companies are just as vulnerable to ransomware attacks as smaller firms. Professional hackers like EvilCorp may be more likely to prey on companies with bigger wallets, but that doesn’t mean that your business, big or small, will be ignored. A ransomware attack has the potential to bring any business—regardless of size—to its knees overnight. How is your business protected in the event you lose access to your customer data, the systems needed to do business, or without 1.4 billion in cash reserves like Garmin had?
  2. Protect your data! Keeping your customer and operational data safe is an important part of safeguarding your business from ransomware attacks. Regular backups—even hourly in some cases—can render a ransomware attack almost futile. Garmin’s data backups were not recent enough nor were they functional. Do you back-up your data? If so, how often and is it secure or vulnerable to the same types of attacks? 
  3. Cyber Security awareness and training is key. How much do you or your employees really know about cyber security? Awareness, training, and daily reminders to be vigilant of attempted attacks will be a strong defense when paired with other network security protocols. 

 

WRAPPING UP

EvilCorp was able to infiltrate Garmin’s database. If it can happen to Garmin, a ransomware attack can happen to you.

Knowledge is power. Ensuring your staff are aware of the potential threats and how to detect them is a major component to your cyber security strategy. Ensure your company is protected and your staff educated.

Not sure where to start with cyber security? We can help. Get in touch with us to discuss your needs, concerns and how to best navigate the evolving environment surrounding data protection and cyber security.