Garmin-ransomware

Garmin, the developer of smartwatches and GPS devices, along with its popular app for monitoring physical exercise and sharing results with other services and devices, has become one of the latest victims of ransomware. On July 27, the company announced the recovery of normal activity after the attack from the WastedLocker ransomware, which first appeared earlier this year and has now caused a five-day outage of Garmin’s services.

The most advanced protection against ransomware attacks

New ransomware – WastedLocker

This targeted attack may have begun at the company’s Taiwan offices on July 23 and led to problems in the Garmin app, forcing the company to acknowledge that it was “experiencing an outage”, which could indicate they were facing a large-scale hack that would not only affect the synchronization of user data, but could also interrupt all online services -website, customer services, customer orders and corporate communications- rendering the company effectively inactive.

WastedLocker has been associated with a Russian cybercriminal gang known as Evil Corp and is part of a relatively new ransom campaign. This attack would represent the latest in a long list of cyberattacks against organizations perpetrated by this group, who were also responsible for the Dridex banker malware and the BitPaymer ransom campaign.

Analysis by WatchGuard Technologies has indicated that Evil Corp primarily deploys WastedLocker via SocGholish’s fake update framework, which spoofs a browser update page to trick users into downloading a malicious JavaScript or PowerShell file.

Despite the virulence of the attack, Garmin has stated that there is no indication that hackers have accessed, leaked, or stolen customers’ data nor payment details related to Garmin Pay. However, Garmin users are advised to change their service password.

Controversial ransom payment

 After a few difficult days, the company appeared to have regained control of its systems and tools, as all services had been reestablished. This sudden return to normality could suggest that Garmin had opted to pay the $10 million ransom demanded by the hackers. Yet such a move, if proved to be true, would generate serious legal problems for the company, as this seasoned Russian cybercrime group has been outlawed by the US Treasury since last December.

Evil Corp has had a ‘wanted’ tag ever since it caused more than $100 million in financial losses to the US banking system. As American companies are forbidden from doing business with individuals or organizations that have been sanctioned by the US Treasury, Garmin would be in breach of the law if it were to pay the ransom.

IoT- Problems and solutions for businesses

We are now witnessing how cyberattacks represent a constant threat, expanding as more and more devices connect to the Internet. Personal data is one of the main targets of cybercriminals and with the consolidation of the Internet of Things (IoT) and the exponential increase in the number of connected devices, although there are many advantages, as users we must be aware that the trade-off is the security of our personal data.

Devices such as video surveillance hardware, wearables, loudspeakers, and virtual home assistants such as those from Google, Apple, or Amazon, all pose a privacy risk, and this applies across many sectors. Even medical equipment (pacemakers, scanners, X-ray machines, infusion pumps, respirators, etc.) is now often network-connected, making potential targets for cyberattacks.

To effectively counter WastedLocker and other new threats, companies need protection against advanced threats and targeted attacks which is capable of detecting anomalous behavior. They should have a system that can ensure data confidentiality, information privacy, and business reputation, as highlighted by the case of Garmin. This is Adaptive Defense 360, the only advanced cybersecurity system to combine next-generation protection with the latest detection and remediation technologies and the ability to classify all running processes.

The post Garmin: the latest wearable attacked by ransomware and a controversial ransom appeared first on Panda Security Mediacenter.