💰💣

Garmin Security Incident

July 23, 2020 1887 days ago Resolved

Incident Overview

Situation Description

Garmin experienced a ransomware attack by cybercriminals using the WastedLocker strain, which encrypted data and disrupted the company's operations and online services for several days.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Technology

Geographic Scope

Global

Response Actions

Isolated Compromised Systems Took Systems or Services Offline Paid a Ransom

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

N/A

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

Garmin paid a multi-million dollar ransom to hackers through an intermediary company.; Garmin's IT teams attempted to remotely shut down all computers on the network as devices were being encrypted.; The company shut down devices in one of its datacenters to prevent the infection from spreading further.

Technical Analysis

Attack Method

Unknown

Threat Actor Attribution

Evil Corp WastedLocker

Additional Information

This post was originally posted at https://invenioit.com/security/garmin-ransomware-attack/ Cybercriminals may have banked millions of dollars in the recent Garmin ransomware attack that shuttered some of the company's operations for days. The hackers behind the attack had reportedly demanded $10 million to restore Garmin's data after the attack took down several of the company's online services. And according to reports , Garmin paid up to the tune of several million dollars. Experts say the incident is a sign that attackers are going after even bigger targets and that more high-profile attacks are yet to come. It's yet another example of the seriousness of ransomware and the need for stronger data backup systems at businesses of all sizes. Here's what we know about the Garmin attack. What happened in the Garmin ransomware attack? The Garmin ransomware attack occurred on Thursday, July 23, as a strain of ransomware known as WastedLocker encrypted data across the company's networks. The first signs of trouble were apparent when the company's India division tweeted at 5:12 a.m. that its servers were "down for maintenance," limiting the performance of Garmin's online services, such as Garmin Express. The company added, "We are trying our best to resolve it asap," making it clear that the incident was probably not a planned maintenance. A few hours later, Garmin's primary social accounts released similar messages, adding that the incident "also affects our call centers, and we are currently unable to receive any calls, emails or online chats." Later in the day, some tech news sites began reporting that the incident was a result of a ransomware attack. Garmin confirmed the attack a few days later in a company statement . How did the attack happen? Details are still scant on how the Garmin ransomware attack occurred, but most ransomware attacks hinge on human error: via phishing scams that fool company employees into entering their credentials into fake login pages,...

... (truncated for display)

Quick Facts

Company:: Garmin
Date:: July 23, 2020
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: nan

Source Information

Original Query

how did "Garmin" recover from "WastedLocker" ransomware attack

View Original Source

Timeline

Information Published

nan

Incident Occurred

July 23, 2020 (1887 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats