Garmin Confirms Services Upended by Ransomware Attack

Garmin confirmed Monday that many of its online services have been disrupted by a cyberattack on its systems that occurred on July 23, 2020.

Services disrupted by the attack, which encrypted data on the systems, included website functions, customer support, customer facing applications, and company communications, the company noted in a statement.

"We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen," the company stated. "Additionally, the functionality of Garmin products was not affected, other than the ability to access online services."

Garmin specializes in GPS technology development of navigation and communications products. It serves the auto, aviation, fitness, marine, and outdoor markets.

The company estimated that operations would be back to normal "in a few days." Garmin cautioned, however, that as systems are restored, there may be delays as backlogged information is processed.

No material impact is expected on operations or financial results due to the outage, the company added.

Garmin's damage assessment may be overly optimistic, though. "If the average data breach costs the victim [U.S.] $8.9 million, then in this case, it's probably more than that," asserted Chloé Messdaghi, vice president of strategy at Point3 Security, a provider of training and analytic tools to the security industry in Baltimore, Md. "With WastedLocker, the attack also cripples the network and getting it up and running again becomes extremely expensive," she told TechNewsWorld. WastedLocker is the ransomware believed to be used in the Garmin attack.

Customized Payload

The sortie on Garmin has the characteristics of a typical ransomware attack.

"The usual ransomware tactic by cybercriminals is to gain initial access to an organization, perform privilege escalation attacks to gain administrator access to the entire environment, find and delete backups if possible, then run their ransomware to encrypt as many computers as possible," explained Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz. "Without confirmation, it's impossible to say if the attackers here were able to locate and delete Garmin's backups, but the resulting multi-day outage demonstrates that even with a highly secure backup strategy, ransomware attacks can be massively disruptive to victims," he told TechNewsWorld.

While common tactics were used by the attackers, their software appears to be customized for Garmin. "The ransomware payloads are customized per each individual client, so Garmin ransomware extensions were 'garminwasted,'" explained Tom Pace, vice president for global enterprise solutions at BlackBerry.

"They are also selective in the assets they tend to target within victim environments to maximize damage and probability of a client making the ransom payment," he told TechNewsWorld.

Although there have been a few high-visibility ransomware attacks, most of them are kept on the Q.T. That wasn't the case with the Garmin intrusion. "The most notable distinguishing feature of this attack is how visible it is to the outside world," observed Saryu Nayyar, CEO of Gurucul, a threat intelligence company in El Segundo, Calif.

"Garmin provides numerous services related to their devices and mapping software, and this attack had a substantial impact on those services, which is why people worldwide have taken notice," Nayyar told TechNewsWorld.

Russian Connection

Reports on the ransomware attack have linked it to Russian hackers, primarily because of the malicious software used in the intrusion. "Attribution is always a tricky issue, but in the case of WastedLocker, the ransomware actually signs itself as WastedLocker," explained Ben Dynkin, co-founder and CEO of Atlas Cyber Security, a provider of cybersecurity services in Great Neck, N.Y. "While third parties can deploy this ransomware variant, it is a very reasonable assumption to attribute the activity to the Evil Corp cybercriminal syndicate," he told TechNewsWorld. "The U.S. Treasury Department has clearly and unambiguously attributed the conduct of Evil Corp to Russian nationals in other operations."

"We cannot make a definitive attribution that this is state sanctioned activity -- even though there is some evidence that Russian military officials are involved with Evil Corp.," he continued. "That means we can attribute this activity to Russian criminals, but not the Russian state." Garmin would be a typical target for Evil Corp, added Point3's Messdaghi. "We haven't seen any indications that Evil Corp has attacked small businesses or individuals," she said. "They're going after corporations with the wherewithal and motivation to pay to prevent business losses."

$10 Million Ransom

It's also been reported that the ransomware raiders have asked for $10 million to undo what they've done to Garmin's system. So far, Garmin has been mum on making any ransom payments.

"It's never recommended that companies pay extortion demands to cybercriminals, if at all possible," Cerberus Sentinel's Clements said. "Extortion payments both strengthen the cybercriminal operations responsible and encourage other organizations to attempt the same attacks."

He acknowledged, however, that victims have little recourse but to pay the demands. "A common tactic employed by ransomware gangs is to find and delete any backups before running their encryption," he explained. "This leaves the victim with the choice of paying the ransom or having to rebuild their environment and data from scratch."

"In the best case of this scenario, rebuilding from scratch can take months to complete and cost many times more than the ransom payment demand," he continued. "In the worst cases, mission critical data that is encrypted can't be restored and the only option for recovery is paying the extortion demands."

However, paying off Evil Corp is more complicated than paying off the typical online extortionist. "Back in December 2019, the U.S. Treasury department delivered sanctions against the Evil Corp cybercriminal organization," explained James McQuiggan, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla. "As part of those sanctions, no U.S. organizations are allowed to conduct transactions with the group," he told TechNewsWorld. "Even if Garmin wanted to pay the ransom, they would have to collaborate with the U.S. Treasury, FBI, and other government agencies to send the funds."

Those government agencies, though, may come under pressure to turn a blind eye to any sanction violations should Garmin not get all its systems online without the cooperation of Evil Corp.

"The problem is Garmin controls and maintains significant critical infrastructure and services used by pilots and others, perhaps even by the U.S. and other militaries," BlackBerry's Pace explained.

"If they can't recover the data on their own and it will have a significant bearing on national security or critical infrastructure, the proverbial rock and a hard place dilemma would seem to present itself."