Skip to content

Garmin one of the latest companies to be hit by increasing ransomware attacks

  • Paying ransomware criminals puts orgs in a hard place of having to decide between encouraging more of this behavior but also needing to get systems back online quickly, which is why security should be placed as a higher priority in this new “normal”

On July 23rd, Garmin was recently the victim of WastedLocker ransomware attack that took a majority of its systems offline. The attackers demanded $10 million dollars in exchange for the decryption keys and to prevent further leaks of data. This quickly caused a lot of public outcry as Garmin is one of the leaders in connected wearables and health devices and even avionic devices. Customers soon took to online and social media as they were surprised to find they no longer had access to their connected services including the Garmin connect, flyGarmin, Strava, and inReach solutions.

Photo of encrypted Garmin workstation
Photo of encrypted Garmin workstation

Garmin ultimately ended up paying for decryption keys through a third-party company called Arete Incident Response to regain access to its files and systems. It appears that instead of first wiping all affected computers to do a clean image install as recommended, Garmin is just simply decrypting workstations and installing security software. This may leave them liable for future incidents as you are never sure what attackers have changed once they have gotten access to your systems. In the future, one of the ways to prevent attackers from causing significant downtime from encrypting your data is to create air gapped backups. This means creating backups of your data offline and that can’t be remotely hacked or corrupted but several orgs shy away from this as it tends to be costly. Orgs who want to focus on security will have to focus on the cost of a future incident or data breach compared to the creation and maintenance of these air gapped backups.

This also creates an interesting dilemma from organizations that have not focused enough on their security posture. If significantly affected by a ransomware incident such as this, orgs will be scrambling to get services back online as quickly as possible. The quickest method is often paying off the ransom in order to get their data back, however this may only encourage more of this behavior from these malicious attackers. This trend of ransomware incidents is only due to increase as the sudden shift to remote work has caused an increase in the attack surface as more orgs encourage the use of bring your own device (BYOD) and the degradation of the traditional identity perimeter. Orgs should place a higher priority on security and focus on getting to a Zero Trust Architecture as quickly as possible.

More from the Blog

October 3, 2022

Twosense Protects Against Credential Stuffing and MFA Fatigue

Credential stuffing is increasing at a record pace. According to Okta’s State of Secure Identity Report, 2022 has...
August 15, 2022

Can You Defend Against MFA Fatigue?

How It Happens Last week Cisco released a security indecent statement and accompanying blog about a breach that...
April 18, 2022

Prompt Bombing MFA

As multi-factor authentication continues to be prioritized for security, evolving ways of bypassing MFA are born....

Sign Up for our Blog

We will never share your email address with third parties.