The blackout at Garmin began with workout apps, then proceeded to more critical services and devices, such as flight planning tools. Customers were contacting the GPS company, reporting that they weren’t working, leaving many to believe, correctly, as it turns out, that Garmin was under cyberattack.
It turns out that Garmin was the victim of a successful ransomware attack that encrypted its data, rendering its systems unusable.
Now, a week after the system started going dark, Garmin states they have been able to restore most of it.
It seems astounding that a tech company failed to secure its systems and could be compromised, but in reality it seems to be just par for the course. The difference is that the impact of this cyberattack was pretty far-reaching. It wasn’t just personal GPS and workout apps that were affected; the attack also obstructed flight planning and scheduling and, quite simply, had the potential to be catastrophic.
However, the most chilling aspect of this attack wasn’t WHAT was attacked, but the fact that it WAS attacked. It’s just the next example of the scope of the US’s cyber unpreparedness, especially in the face of Russian cyberattacks. The ransomware believed to have been used is WastedLocker, a program from the Russian group “Evil Corp,” which has had sanctions against it since 2019. The sanctions prohibit ANY transactions with the cyber group, and they were announced alongside indictments of its leaders and a multi-million dollar reward for any information leading to their arrests.
This attack against Garmin was the biggest test of the sanctions though, because paying the hacker group’s $10M ransom to unlock the data is illegal under the sanctions. And while it’s clear that Garmin didn’t pay up when it was first hit, yesterday it was reported that the company did eventually receive the decryption key… Though they claim to have not paid the hackers *directly.*
What exactly does that mean? “Directly” is a pretty big caveat, and appears to suggest a third party payment of some kind, though Garmin is staying tight-lipped about it.
This also highlights the question of “Just how valid ARE sanctions?” If it’s that easy to backdoor laws, what’s the point?
Officials state that ransomware victims should really stop paying ransoms, but they stop short of making it illegal.
As a cybersecurity specialist, it is extremely frustrating to watch this unfold, knowing that there are so many ways to stop this before it even starts. If the US started investing in increasing awareness of cyber security issues, or even put money towards helping businesses become less vulnerable, the results would be astounding. “An ounce of prevention is worth a pound of cure.” But it seems like, even as these attacks increase in both occurrence and sophistication, businesses are using little more than hope to keep the hackers at bay.
Also, it’s unlikely that there will be any sort of investigation into how Garmin got their hands on the decryption key, thus perpetuating this massive cyber security problem in the US, and signaling to future victims that neither cyber security nor sanctions should be of any real concern.
This attack on US businesses is not going away any time soon, and it is truly a real threat. It’s not a matter of “IF” you are attacked, but “WHEN.”
If you’re not sure how well your business would fare in cyber warfare against Russian attackers, chances are, you probably need to beef up your cyber security. Feel free to give us a call with any questions at 919-422-2607, or schedule a free consultation with Craig.
And as the coronavirus rages on with no end in sight, especially here in the US, it also appears that working from home will remain a popular choice for those who are able to work remotely. Hackers have no shame; they have been taking advantage of the decreased cyber security found in home offices since people started to leave the offices. We strongly recommend that you download our free Remote Security Checklist for all your remote workers. It won’t make their home unhackable, but it will definitely make it more difficult while also raising awareness of common security issues we encounter.
And please, stay safe out there.