Garmin, a Victim of the WastedLocker Ransomware

July 28, 2020

Garmin.com, the recent target of the WastedLocker Ransomware

Garmin Ltd., a multinational company based in the U.S. and formerly known as ProNav, was recently afflicted by the notorious WastedLocker Ransomware. The company mainly deals with GPS and navigation-related products, both hardware and software. It is now widely known as a sports and fitness giant. It is also a publicly listed company on NASDAQ.

This makes it an ideal target for a big-time ransom demand, given its industry size and the risks the company can face in case of a data breach. Recently, its services went offline due to an “outage.” The affected services are Garmin.com and Garmin Connect. The outage extended to operations in its contact centers across all avenues, leaving clients and customers in the dark.

It appears that Garmin has confirmed through a news outlet that no data, specifically personal information, payment details, or activity data, has been compromised. This is good news, because the ransomware cannot exfiltrate the data before encrypting it.

Evil Corp, the group behind the series of ransomware attacks and led by Russian national Maksim Yakubets, is said to be behind the attack. He also used a powerful password-stealing malware called Dridex; eventually, that malware was creatively used to deliver ransomware.

How difficult is it to decrypt data encrypted by Evil Corp?

Extremely difficult, because the U.S. Government, mainly the Treasury, has banned its citizens by law from transacting with the identified ransomware individuals. Therefore, even if victims decide to pay the ransom to save the data and avoid lawsuits, they will have difficulty getting their hands on a decrypter. Decrypters can be obtained by:

  1. Paying the ransom to the ransomware group through a middleman service
  2. Waiting for anti-malware experts to crack the code and reverse engineer a decrypter

Option 2 sounds nice because it is free. However, this option has consequences, such as time constraints: imagine having to wait six months to a year to decrypt your files. If the ransom is not paid, the encrypted data will be unusable. A domino effect follows, making the services of the corporate victim unusable. This translates to the loss of business opportunities. In other words, the losses from not paying the ransom are more significant than those from actually paying it.

Time is money, opportunities only happen by chance

As the saying goes, “Time is Gold.” For corporations and businesses, going out of business due to an outage is unacceptable. Also, once Personally Identifiable Information is mishandled, a swarm of lawsuits will follow. The costs will be unimaginable for any corporation, as it will impact its reputation on the international stage.

iZOOlogic attempted to recover any data affiliated with Garmin as a way to validate its statement that no data was exfiltrated. We do believe that the ransomware itself cannot exfiltrate data. Our search found that the dark web did not contain any valid dumps of information. No data on Garmin from the recent ransomware attack is for sale on deep web forums.
