Major Garmin outage – What you need to know

Garmin recently suffered a major outage which was reportedly caused by a ransomware attack.

While the company has declined to confirm the reason for the outage, several Garmin employees have said online they believe the incident was caused by the WastedLocker ransomware.

Additionally, Bleeping Computer has reported that Garmin was asked by what is believed to be Russian hacking group Evil Corp to pay a $10-million ransom to unlock its computers.

The head of Evil Corp, Maksim Yakubets, is the subject of a $5-million FBI bounty and is believed to be behind huge attacks on American companies and the American banking system – with attacks on the latter causing over $100 million in financial damages.

Taiwanese website iThome has reported on an alleged internal memo to Garmin IT staff which claims that company servers had been compromised.

Garmin published the following statement regarding the outage:

Garmin is currently experiencing an outage that affects Garmin services including Garmin Connect. As a result of the outage, some features and services across these platforms are unavailable to customers. Additionally, our product support call centers are affected by the outage and as a result, we are currently unable to receive any calls, emails or online chats.

We are working to restore our systems as quickly as possible and apologize for the inconvenience. Additional updates will be provided as they become available.

The company has also published a set of Frequently Asked Questions to assist its customers.

These are as follows:

No surprise – Mimecast

Head of e-crime at Mimecast Carl Wearn said it is not a surprise that another organisation has fallen victim to a suspected ransomware attack.

“It is clear in this instance that the victim has experienced lengthy downtime as a result of this attack, which will, of course, have a massive impact upon the business,” said Wearn.

Wearn said Mimecast research has found that the average downtime an organisation suffers from a ransomware attack is three days, but can extend indefinitely.

“This particular attack is also worrying because of the type of data that could be lost, including both location and personal health data,” said Wearn.

“When consumers trust organisations with this data, it is absolutely vital that it is kept secure. Incidents like these can have devastating consequences for the reputation of an organisation.”

How to protect against ransomware

Wearn said that to minimise the threat of ransomware attacks, organisations must implement resiliency measures to preserve business-as-usual should the worst happen.

“Non-networked backups and a fallback email and archiving process need to become standard security measures if organisations are to significantly mitigate ransomware threats,” said Wearn.

He added that the following measures can be taken to protect against ransomware attacks:

• Individual users can assist by being aware of the potential for unsafe attachments, but should also be wary of clicking any email links received in any communication, as criminals are increasingly utilising URL links rather than file-based attachments to infect networks.
• It is also imperative that remote working software, such as VPNs and any servers are kept up to date in relation to patching, as open-source reporting indicates that ransomware threat actors are increasingly targeting Windows Remote Desktop Protocols (RDP) and exploits to initiate compromise.
• As the more complex threats are often delivered by secondary infection, organisations should also pay particular attention to their patterns of network traffic and data logs to identify any potential compromise.
• There is a potentially short window of opportunity to remediate any initial dropper infection and thereby prevent the further insertion of ransomware.

Now read: Personal data of 270 million users exposed – Where to check if you were affected