Garmin Ransomware Attack

If you’re an outdoor or fitness enthusiast (and let’s not forget those in the aviation world too), you know Garmin services were recently down for a four-day period. The Garmin ransomware attack was interesting for me as a Garmin user and someone who works for an IT security firm.  

I have run on and off for many years, but quarantine has inspired me to run more consistently. I rely on my Garmin watch to track data that helps me reach my goals. On July 23, 2020, I tried to sync my activity and received the following message: “Sorry, we’re down for maintenance. Check back shortly.” Anxious to see my numbers climb up, I kept trying throughout the day with no luck. I track every step, my elevation gain, heart rate, pace, etc. I’m not an avid runner, but the end of the month was approaching, and I was on track to hit my personal best for mileage. Having no access to my progress was making me feel a little crazy.  

The Garmin Ransomware Attack 

On the second day the service was down, we learned that Garmin had been affected by a ransomware attack. I stopped worrying about when I was going to see all my stats and became more concerned about how much personal data Garmin has about me. Not much was reported during downtime, but service was finally restored on July 27th. Garmin posted there is “no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen.” Phew!  

Despite the attack, I still have a lot of trust in Garmin and feel confident they will continue to invest in proactive security measures. I’m thankful for the Garmin team’s heroic work to contain the situation, ensure data safety, and restore services.

What is WastedLocker Ransomware? 

All reports indicate this was a WastedLocker ransomware attack. WastedLocker is a relatively new type of attack and known to not include any data theft functions. I asked Tim Weber, our Director, Security Services for his perspective on WastedLocker ransomware: 

“WastedLocker ransomware is pretty nasty. It seems to be very targeted, primarily focused on large corporations at this time. The good news is that as of the original writing of this blog, Evil Corp – the people behind WastedLocker – do not appear to have released data from organizations affected by their attacks. 

It is a sophisticated attack. Traditional signature-based software such as anti-virus would struggle to detect something this advanced.

This highlights why endpoint detection and response (EDR) software, a behavior-based detection software that looks for anomalies in system behavior, is so much better against today’s security threats than traditional antivirus.” – Tim Weber

How to Protect Your Organization Against Ransomware 

At ADNET, we always advise organizations to take proactive measures. To avoid your organization being down for four days (or worse), learn how to stay protected against ransomware. Don’t know where to begin? We’d be excited to learn more about your organization and help build a solid roadmap together. This is one of the main reasons why I enjoy working at ADNET. We ask questions, listen intently, and advise accordingly. 

What to Do if Your Personal Data is Affected by a Security Event 

Here’s what to do if your personal data is affected by a security event:  

  1. Change your password for that service. This should always be your first step, even if the company says your password wasn’t compromised. Having good password hygiene is important! If your email address was compromised in the same attack, remember to change that password too. 
  2. For all applicable services, especially your email account, ensure  Multi-Factor Authentication  (MFA) is enabled.
  3.  ADNET also recommends the use of a password vault to safely manage and generate complex passwords. 

Now that you have new passwords and MFA enabled, let’s keep on running!