A Look at the 2020 Garmin WastedLocker Ransomware Attack

August 12, 2020

On July 23, 2020, American GPS and fitness-tracker company Garmin was hit by a ransomware attack that caused widespread disruption to the company’s online services and affected millions of users who rely on the technology in their daily lives.

The attack encrypted Garmin’s internal network and forced the company into a multi-day maintenance window. The services taken offline included the company’s website, the Garmin Connect user data syncing service, the flyGarmin aviation navigation and route-planning service, and even some company production lines in Asia.

Garmin was down for maintenance for five days, and even when the service came back up, the company was still plagued by syncing issues and other delays. Garmin admitted that the attack also impacted its call centers, leaving customers frustrated when the company was unable to respond to calls, emails and online chats sent by users.

File-encrypting malware is thought to be the cause of the outage. This is not uncommon, as ransomware is often spread through phishing emails. Victims of ransomware attacks are typically contacted after their computers are infected and told they must pay a ransom if they want their files returned to their original state. Large companies are common targets of ransomware attacks, as they are well insured and can afford to pay the ransom, which is often in the millions of dollars.

Garmin ransomware attack details: WastedLocker

Garmin’s attack was thought to be caused by a relatively new strain of ransomware called WastedLocker, which has been tied to malware created by the notorious Evil Corp from Russia. This hacking group was previously sanctioned for using banking-related malware to steal more than $100 million from financial institutions over the last decade. The WastedLocker hackers reportedly demanded $10 million to unlock the encryption that was holding Garmin’s systems hostage. Although the company declined to give details, it was reported that the company likely paid the ransom, as it is using a decryption key to regain access to its files. As WastedLocker’s encryption has no known weaknesses, the only way Garmin could be decrypting its files is with a key provided by the hackers.

How to Protect Against Ransomware Attacks

As it is almost impossible to recover encrypted files without paying the ransom, it is imperative that companies implement preventative mechanisms against ransomware attacks. Since a primary attack vector is employees downloading malicious files sent in phishing attacks, the best defense is to stop the files before they enter the organization’s network.

With Votiro’s Secure File Gateway, 100% protection against weaponized files is guaranteed. Unlike detection-based file security solutions that scan for suspicious elements and block some malicious files, Votiro’s revolutionary Positive Selection technology singles out and allows through only the safe elements of each file, ensuring every file that enters the organization is 100% safe.
