Garmin Cyber-attack Garners Up To $10 Million Ransom To Hackers

The News: A Garmin cyber-attack made the tech company pay some or all of a $10 million crypto ransom to hackers who managed to encrypt the firm’s internal network and take down several of its services on July 23. According to an August 1 report from Lawrence Abrams at Bleeping Computer, Garmin’s IT department used a decryptor to regain access to workstations affected by the initial WastedLocker ransomware attack. The malware took down the company’s customer support, navigation solutions, and other online services. Garmin’s script contains a timestamp of ’07/25/2020′, which indicates that the ransom was paid either on July 24 or July 25. Read the Bleeping Computer report here.

Analyst Take: As I have written about cyber-attacks before, I noted they are going to be on the rise, particularly during a time of crisis when companies are most vulnerable. In this instance, during a global pandemic, when not all employees are physically in offices and are relying on remote collaboration during an emergency.

So much security discussion is around mitigation, but it in reality, a lot of security is reaction and recovery. As hackers demanded $10 million for the keys to liberate Garmin’s systems, Sky News reported that the company ultimately paid, likely through an intermediary. Garmin has declined to comment much beyond confirming that a cyberattack did occur. The company’s CEO Cliff Pemble released a statement saying, “Most of you are aware of the recent cyberattack that led to a network outage affecting much of our website and consumer-facing applications. We immediately assessed the nature of the attack and started remediation efforts. We have no indication that any customer data was accessed, lost, or stolen.”

Garmin was lucky in that ransomware attacks usually involve the stealing of files and then the threatening to dump them online if a payment does not come through. Another recent and very public attack against nonprofit software company Blackbaud resulted in hackers stealing files from at least 125 of its clients, including Planned Parenthood and the UK’s National Trust.

Garmin was hit by a relatively new strain of ransomware called WastedLocker, which has been tied to the Russia’s Evil Corp malware dynasty. For about ten years, the hackers behind Evil Corp has been using banking-focused malware to steal more than $100 million from financial institutions. In 2017, Evil Corp began incorporating Bitpaymer ransomware into its theft practices.

Unfortunately, Garmin reports that it hasn’t fully recovered and is still having syncing issues and delays of the Garmin Connect platform. As ransomware is growing in popularity and becoming more sophisticated, holding large institutions like banks, hospitals and even whole cities for ransom, it’s only a matter of time before a big ransomware attack happens again. Companies today need to make sure they have the latest tools for mitigation and CISOs must make sure they have a fast-reacting plan for disaster and recovery.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Other insights from the Futurum team:

What the Massive Twitter Hack Means for CISOs and Security Vendors

CISO’s Playbook for Leading Security During COVID-19 – Futurum Tech Podcast Interview Series

Failing IoT Security Means Old Malware Makes IoT Comeback

Image Credit: Cycling Tips

Author Information

Sarah most recently served as the head of industry research for Oracle. Her experience working as a research director and analyst extends across multiple focus areas including AI, big data and analytics, cloud infrastructure and operations, OSS/BSS, customer experience, IoT, SDN/NFV, mobile enterprise, cable/MSO issues, and managed services. Sarah has also conducted primary research of the retail, banking, financial services, healthcare, higher ed, manufacturing, and insurance industries and her research has been cited by media such as Forbes, U.S. News & World Report, VentureBeat, ReCode, and various trade publications, such as eMarketer and The Financial Brand.

SHARE:

Latest Insights:

On this episode of The Six Five Webcast, hosts Patrick Moorhead and Daniel Newman discuss Meta, Qualcomm, Nvidia and more.
A Transformative Update Bringing New Hardware Architecture, Enhanced Write Performance, and Innovative Data Management Solutions for Hyperscale and Enterprise Environments
Camberley Bates, Chief Technology Advisor at The Futurum Group, shares insights on VAST Data Version 5.2, highlighting the EBox architecture, enhanced write performance, and data resilience features designed to meet AI and hyperscale storage environments.
A Closer Look At Hitachi Vantara’s Innovative Virtual Storage Platform One, Offering Scalable and Energy-Efficient Storage Solutions for Hybrid and Multi-Cloud Environments
Camberley Bates, Chief Technology Advisor at The Futurum Group, shares insights on Hitachi Vantara’s expanded hybrid cloud storage platform and the integration of all-QLC flash, object storage, and advanced cloud capabilities.
Dipti Vachani, SVP & GM at Arm, joins Olivier Blanchard to discuss how Arm is revolutionizing the automotive industry with AI-enabled vehicles at CES 2025.

Thank you, we received your request, a member of our team will be in contact with you.