A principios de esta semana, manufacturer of electronics and navigation equipment Garmin suffered a cyberattack and was forced to temporarily shut down a number of services. Now the company said that ransomware attack caused Garmin’s four-day services outage.
Al mismo tiempo, the incident affected not only wearable gadgets and related services, pero también flyGarmin y Garmin Pilot – solutions that support the company’s line of aviation navigation equipment.
Desde el principio, cybersecurity specialists believed that Garmin suffered from the WastedLocker ransomware ataque, and now the manufacturer has issued an Declaración oficial confirming that the incident indeed was connected with a ransomware attack.
“Garmin Ltd. (Nasdaq: GRMN), today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. Como resultado, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications”, — says the statement.
Sin embargo, the company’s representatives have not yet named the specific type of malware used in this attack.
The company says it gradually returns its services to the system. En particular, Garmin Connect and aviation services are already operational (although some are still functioning with restrictions). You can follow the progress of the restoration on a special page.
Computadora que suena, citing its own sources, confidently states that the WastedLocker operators stand behind the attack. Por ejemplo, journalists had at their disposal a screenshot showing a list of encrypted files on the affected machine. To the filenames has been added the .garminwasted extension .
Pronto, researchers were able to find the same WastedLocker strain as used in the attack on Garmin. It turned out that this version of the ransomware actually adds the .garminwasted extension to the files and creates a ransom note addressed specifically to Garmin.
Según Bleeping Computer, the attack on Garmin began with the company’s Taiwan division, and the attackers demanded a ransom of $10,000,000 for decrypting the files.
Let me remind you that WastedLocker activity began in May 2020, and the authorship of this malware is attributed to the Evil Corp group, which is often associated with the Russian special services.
Previamente, the ransomware was used exclusively against American companies, and the ransom amounts that Evil Corp demanded from the victims are estimated at millions of dollars. Por ejemplo, cybersecurity researchers know about a case when hackers asked a company for $10,000,000. En junio 2020, analysts wrote that at least 31 American organizations and companies were affected by WastedLocker attacks.
