Threat Watch

Garmin Struck With Possible Ransomware Attack

Garmin, makers of GPS and wearable technology have suffered what may be a ransomware attack that caused a worldwide shutdown. After the company announced that it was dealing with an outage that affected the mobile app, the website, and the call centers, some Garmin employees shared unconfirmed reports that ransomware was the cause. Some employees suggested that the ransomware has been identified as Evil Corp gang’s WastedLocker. WastedLocker is known for targeting corporate networks and attempting to extort them for millions of dollars. Another interesting hint that could mean ransomware is the cause was a Garmin internal memo published by iThome that stated, “the IT department sent a notice to various departments in Taiwan stating that internal IT servers and databases were attacked, and production lines were also suspended.” No comment has been made by Garmin regarding a ransomware attack.

ANALYST NOTES

Since it is unknown at this time what the circumstances are at this time for Garmin, it is safest to handle the incident as ransomware until more information confirms the details. Companies should always make sure to have secure offline backups of important data in case a ransomware incident occurs. It would also be wise to employ an internal Security Operations Center (SOC) or a managed security monitoring service such as Binary Defense offers with Managed Detection and Response (MDR) or Security Information and Event Management (SIEM) monitoring. This service will detect attacks before they are able to gain extensive control of critical and do serious damage to a company’s network and files.

Source: https://www.bleepingcomputer.com/news/security/garmin-shuts-down-services-after-suspected-ransomware-attack/