Early last week it was confirmed that GPS technology company, Garmin, has succumbed to a large-scale cyber-attack that has affected a significant number of their services worldwide, including apps, online services and call centres.
On 23 July, Garmin shut down many of it’s services in response to a ransomware attack that had affected their internal network. Ransomware is a form of malware that, having gained access to a victim’s system, will encrypt as many files as it possibly can, leaving users without their data. The only way to obtain the decryption key is to pay a ransom to the attack actor, who may or may not honour the ransom payment.
The Extent of the Attack
Ransomware has been plaguing the cyber world for a number of years now, as attack actors discover new and effective ways of making money from their victims. It was later confirmed that Garmin had fallen victim to a ransomware strain known as WastedLocker. The hackers in question allegedly demanded a US$10 million ransom from Garmin to regain access to their data. There is speculation that Garmin has since paid this ransom, or come to an agreement with the hackers.
Initially, Garmin had not confirmed that it had been affected by a cyber-attack, but instead shut down their services under the guise of a maintenance period, while they scrambled to prevent further spread of the ransomware. Employees later leaked to media that it had indeed been impacted by a cyber-attack. Reportedly, IT staff shut down all devices hosted in a data centre to prevent the spread, and this resulted in the global outage.
The affected services impacted staff and users worldwide. Garmin reportedly could not send or receive calls or emails or conduct online chats. Users of their fitness tracking apps could not track any statistics whilst exercising, and pilots were not able to use Garmin’s online aviation systems. However, Garmin has announced that there is no evidence that any personal information was stolen. This week, Garmin have restored the majority of their services and systems.
A Targeted Attack
It is very apparent that this was a targeted attack, and the actors had set their sights on Garmin specifically. It is not yet publicly known how the ransomware actors gained access to Garmin’s systems, or why Garmin was targeted. Many ransomware attacks access target systems through malicious email attachments, or by directing staff to malicious websites via email. Personnel are often seen to be the weakest link in cybersecurity, and malicious actors are constantly exploiting this weakness. Poor cybersecurity awareness and training is directly linked to these weaknesses, and often play a major part in cyber-attacks.
Investing in regular cybersecurity awareness and training drastically reduces the attack surface for email-based and phishing-based ransomware attacks. Agilient specialises in helping organisations improve their cybersecurity awareness, and is able to assist in catering to all business requirements. If you’d like to learn more about how our expert consultants can assist your organisation, contact us today.
Author: Jack Schofield, Agilient Consultant