Skip to Content
July 28, 2020 Article 2 min read

Did you hear about the Garmin cyberattack? If not, listen up: Copycat attacks are common in the cybercrime industry, and ransomware activity is growing.

Man in workout gear checking is smart watch fitness device. You may have heard that cyberattacks are on the rise amid the pandemic. A recent notable example is the ransomware attack on Garmin, the GPS technology company, which was shut down by hackers who demanded $10 million in ransom. The shutdown was certainly frustrating for the runners and golfers who love Garmin’s fitness wearables, but their business goes well beyond fitness. They’re also a critical piece of aviation, marine, and automotive infrastructure, which makes the attack especially alarming.

Here’s what we know so far about the Garmin cyberattack:

Starting Thursday, July 23, Garmin discovered issues with its systems, like fitness tracking products going offline. flyGarmin was also impacted, so pilots couldn’t download flight routes prior to flight operation. In addition to users being unable to use their Garmin products, the Garmin team couldn’t communicate with users.

Garmin’s email and other communications systems, including their customer call center, were brought down. Since most of Garmin’s staff were working remotely due to COVID-19, they couldn’t access the company’s VPN. Even worse, their files were made inaccessible by a program called “WastedLocker.”

WastedLocker is a new kind of ransomware that locks files by encrypting them but isn’t known to steal data from locked files. Using this program, the hackers locked several files and attached ransom notes to each. The ransom notes all had the same demand — that Garmin send an email to two email addresses for the next steps to unlock the files, and ultimately demanding $10 million to release the files. To prevent WastedLocker’s file locking from spreading, Garmin’s IT department systematically shut down its systems. Garmin has also closed production in its factories in Taiwan following the cyberattack.

Who hacked Garmin?

News media reports indicate that a Russian hacking group, Evil Corp., is behind the attack. Evil Corp. is known to operate WastedLocker. Evil Corp is notorious for ransom and phishing attacks in the banking industry. In December 2019, the U.S. Treasury Department sanctioned Evil Corp. for causing more than $100 million in financial damage. Was this attack in retaliation to the sanctions?

Will Garmin pay the $10 million ransom?

While some will say that Garmin’s only option is to pay the $10 million, that’s not exactly an option. Since Evil Corp. is sanctioned, Garmin would be breaking U.S. sanctions law by paying the ransom. This will complicate the process for any payment as it’s hard to say exactly how Garmin will resolve the issue.

Should you be worried about your organization?

While the answer is always “yes,” there are a couple reasons to be extremely cautious now. After a major cyberattack like this one, copycat attacks frequently follow. Compounding the matter, ransomware activity and other forms of cybercrime have increased since the start of the pandemic. Some of this increase can be attributed to staff error, including IT working from home or furloughed and lapses in cyber defenses due to rapid switches to a remote environment. It can also be attributed to opportunism among hackers, who recognize that all the recent chaos presents an opportunity to attack while people’s attention is diverted away from cybersecurity to focus on other major business issues.

Whatever your team is working on right now, it’s of the utmost importance that your IT systems are up to date and constantly being monitored. Let us help your organization stay safe and stay vigilant.