Earlier this year, the GPS and fitness wearables giant Garmin fell victim to a ransomware attack that encrypted internal systems and prevented customers from accessing online services. The Garmin Security Breach is now one of many high-profile ransomware attacks targeting large organizations.
Since the 2017 WannaCry ransomware outbreak, ransomware has remained a persistent threat to enterprises. Safety Detectives estimates that the average digital payoff per ransomware incident will reach $8,100 during 2020.
With attackers developing more sophisticated ransomware strains, enterprises need to know how to confront the next generation of cyber threats. This article will examine what happened during the Garmin Security Breach and how cyber security leaders can defend against ransomware attacks.
The Garmin Security Breach: Here’s What Happened
On July 23rd, cyber criminals targeted Garmin with a ransomware attack that encrypted the company’s internal systems and shut down critical services like Garmin Connect, flyGarmin, Strava, and inReach. The company first detected the attack when employees began to share photos of encrypted workstations.
Once hackers encrypted the files, they demanded a ransom payment of $10 million to restore access to the data. Within four days, the company had begun to restore its services and used a decryption key to lift the restrictions, which led BleepingComputer to conclude that Garmin paid the ransom due to the lack of known weaknesses used in the code.
While Garmin hasn’t commented on whether or not it paid the ransom, it addressed the incident in a press release released on July 27th, which noted that many “online services were interrupted, including website functions, customer support, customer-facing applications, and company communications.
According to some reports, Garmin employees believe that WastedLocker is the strain of ransomware behind the attack. WastedLocker was created by the hacking group Evil Corp, which was added to the US sanctions list last year for stealing over $100 million from banks and financial institutions.
Key Lessons Learned from the Garmin Security Breach
The Garmin malware attack showed that no one is safe from cyber criminals and that sizeable online service providers are a prime target for ransomware. Some of the key lessons are:
- Ransomware attacks are highly targeted
Hackers target organizations like Garmin because they hold valuable user data vital to their online services and can afford high ransom demands. By encrypting essential user data, the attackers pressured the wearables provider to pay the fine to avoid prolonged downtime.
- Paying a ransom sets a dangerous precedent.
With Garmin suspected to have paid the ransom, there is a high risk that other cybercriminals will target it for future attacks, believing that the company will agree to pay the forthcoming ransom. In other words, paying a ransom sets a precedent that incentivizes other hackers to target a company and funds them for their next attack.
- Many ransomware attacks are impossible to decrypt
As cyber criminals develop more advanced ransomware, it is increasingly challenging to decrypt these attacks. With some ransomware strains, the only way to get your data back is by paying a ransom to the attacker to obtain a decryption key, even though you have no guarantee the attackers will return access to your files.
- A single error can cause a ransomware outbreak.
The WastedLocker ransomware alleged to be behind the attack is most commonly triggered when a user downloads a malicious software update from a website. An employee could have quickly started the outbreak by clicking on a fake link and infecting the entire network.
- Falling victim to ransomware can damage your reputation
Developing a reputation for data leaking is terrible for acquiring new customers and retaining existing ones. Potential Garmin customers now know that the company is susceptible to data breaches, making them less enthusiastic about submitting personal information.
How to Stay Safe from WastedLocker and Other Online Threats: Tips for Cyber Security Leaders
The best way to stay safe from falling victim to ransomware is to avoid contracting it in the first place. Here are some actions that can help you reduce the chance of being infected with ransomware:
- Focus on employee training
Your employees are your first line of defense against threats like ransomware and phishing attempts. Training solutions like phishing simulation tools are vital for educating employees on avoiding fake links or attachments that could compromise your systems.
- Use security awareness training and phishing awareness training
Developing your employees’ knowledge with security awareness training and phishing awareness training will keep the latest ransomware, phishing, and social engineering threats top-of-mind, reducing the risk of an outbreak.
- Develop internal cyber security heroes to raise awareness
Train interior cyber security heroes about the latest threats and security measures so they can guide other employees on how to protect your organization. A complete training and mentorship program will prepare these ambassadors to train other employees and help build a security-conscious culture.
- Keep software and devices up-to-date.
Many ransomware types, such as the famous WannaCry ransomware strain, use unpatched system vulnerabilities to encrypt the victim’s files. Keeping workplace software and devices updated eliminates vulnerabilities so that fraudsters have no entry point to break into your systems.
- Produce regular cyber security campaign updates
Releasing regular updates about the latest cyber threats and security best practices provides employees with valuable information about protecting themselves against new threat vectors. For example, a timely email detailing how to spot a phishing scam or a fake website can help employees identify threats more consistently.
- Limit administrative rights on computers
Whenever possible, reduce user privileges on endpoints and use policies to control what is allowed and not to be executed on a computer.
- Backup your data
Use a secure option to back up your data that cannot be compromised if a computer is infected with ransomware.
Recap
A “successful” ransomware attack can be financially devastating to the victim. The combination of ransom, downtime, and reputational damage is enough to put you out of business.
With hackers honing their skills and producing ransomware that’s harder to decrypt, the only way to stay safe is by being proactive and training your employees regularly with security awareness training. Security awareness training gives your employees the tools to respond to everything from a ransomware attack to a social network breach.