Jump to content

Whoops... Ransomware at Garmin


Recommended Posts

The entity responsible:
WastedLocker is a relatively new type of ransomware run by a malware exploitation gang called Evil Corp. It is believed to be based in Russia according to
 
Malwarebytes Labs. The ransomware works differently from others and can be tailored specifically to the security set up at an individual target, usually large companies in the U.S. and a few in Europe. The malware encrypts each file and uses the name of that file to log a ransom note in the system. Like all malware, it gets into a system through a bogus alert or request that someone with credentials mistakes for a legitimate issue, typing in his or her login. After that, the infiltration is virtually unstoppable and can even affect cloud backups of data.

I think we can do something about this since it is in Russia? We do have a good relationship with them, don't we?

  • Haha 1
Link to post
Share on other sites

*Members that donate $10 or more do not see advertisements*

1 minute ago, wishboneash said:

The entity responsible:
WastedLocker is a relatively new type of ransomware run by a malware exploitation gang called Evil Corp. It is believed to be based in Russia according to
 
Malwarebytes Labs. The ransomware works differently from others and can be tailored specifically to the security set up at an individual target, usually large companies in the U.S. and a few in Europe. The malware encrypts each file and uses the name of that file to log a ransom note in the system. Like all malware, it gets into a system through a bogus alert or request that someone with credentials mistakes for a legitimate issue, typing in his or her login. After that, the infiltration is virtually unstoppable and can even affect cloud backups of data.

I think we can do something about this since it is in Russia? We do have a good relationship with them, don't we?

Wonder if there is any relationship to Dr. Evil, who is famous for asking for One Million Dollars.

  • Like 1
Link to post
Share on other sites
13 hours ago, gsxrpilot said:

I lot of misplaced anger and frustration in this thread. I make my living building defenses against this stuff. It's a good living, and allows me to fly a nice airplane. 

Much of these attacks are automated. The Internet is a toxic river of viruses, malware, and other dangerous code. It's not blaming the victim but rather wondering why they went swimming without the full hazmat suit on. None of us would want to live without the Internet and the interconnectedness that we all benefit from. But the very data processing power that provides the benefits, also makes it a very dangerous place. So there are best practices that companies like Garmin have to follow or they leave themselves wide open to this type of attack. Maybe they'll take it seriously going forward.

Amen brother. There have been a number of companies that have succumb to the arrogance that they can survive with minimal security measures in place. And then there are companies with excellent security in place but fall victim to the poor front line worker who opens a link in an email and creates the havoc. My company constantly sends our employees internally generate fake malware of different flavors as an ongoing effort to educate employees to the risk. We have a link on our Outlook toolbar called "Report Phishing". It is designed solely for employees to report suspect email. I wonder if they ever figured out that I send all my boss's emails there? :ph34r:

  • Like 2
Link to post
Share on other sites

An old trick was to scatter a few infected USB dongles around in the parking lot of the intended target.    Invariably somebody would pick one up and plug it into something on the internal network to see what was on it.

People are always the weakest link in the security chain.   My fave was when the Qualcomm CEO left his laptop unattended at a conference and it walked away on its own.  ;)

https://www.latimes.com/archives/la-xpm-2000-sep-18-fi-22857-story.html#:~:text=A team of techno-sleuths,at a conference in Irvine.

I'm sure many of us who have worked in technology have our own stories of experiences with electronic attacks or industrial espionage.   At a very large household-name technical employer a girl in a jumpsuit with a company badge (which turned out to be fake) walked in, asked specifically where so-and-so sat, went to their cube (they were away at the time) and walked off with their computer.   I think the idea was that she was posing as somebody from IT.   We never heard how she got into the building, which was "secure", but he lost a lot of time having to re-create everything he was doing from the last backups, etc.  He was working on a specific piece of technology that somebody apparently thought they either needed to have themselves or needed to slow down our effort. 

I wouldn't make any assumptions about how Garmin got penetrated or who did it.   It's a wild, dark, world out there and visibility into the far end is nearly nonexistent, and even if or when somebody figures it out, it rarely becomes public information.

  • Like 1
  • Sad 1
Link to post
Share on other sites

It seems Garmin has to clean up its IT and security infrastructure and do it soon (maybe some heads will roll). I am sure this is a wake up call to others in the same business who I am sure are scrambling to make sure they don't fall victim as well. I have been happy and impressed with Garmin's hardware but their software/update mechanisms are just kludgy and they really need to step up in this regard. That probably reflects in how they deal with their IT infrastructure as well. There are no winners here. If Avidyne had come out with their IFD440 a year earlier, I might be in the Avidyne camp, but this is what happens once you tether yourself to one platform and as a customer, we end up at the losing end. I have seen this happen in companies I have worked for, the weakest link in the chain (it could be an employee, contractor or someone else) that can trigger this. The bigger the company, the greater the likelihood of this happening. At the same time, on the other side of things, we can't let "evil" entities such as these to thrive and need to be shut down with an iron hand ASAP.

  • Like 2
Link to post
Share on other sites

No one is immune. Some of the best IT departments in the world, some very sophisticated actors have been victims including Google. Nothing is 100% secure. There are armored car robberies, there are liquor store robberies. One has the highest level of protection, the other a modest level yet both are victimized. We as well as other nations have entire agencies dedicated stealing cyber secrets, even decoding encryption with massively powerful machines. We even have software to do it that makes it look like another state actor was the bad guy. When that software was developed it was put under the highest lock and key this nation possessed and it took exactly 30 days for it to be in the public domain.  If security was a perfectible art, these agencies would cease to exist because their work would be a fools errand. Yet they continue, because they know....any system can be hacked.

 

Link to post
Share on other sites

Take care of business like the Italian government did after the Rome airport attacks in 1986. Outsource it to the Sicilians. They can deliver a very strong message to those Russians.

 

 

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.