Who is Evil Corp – The Mastermind Behind the Garmin Ransomware Attack?
By Nick Anderson
Hacking is a threat that challenges the existence of any company. Whether big or small, companies of all sizes face the ever-present threat of external attacks. An attack can render a service useless, destroy data, steal information about users, and cause irrecoverable damage to the reputation of a service. Companies are built on the trust of the customer, and that trust is deeply shaken when a data breach occurs, or even if the service becomes temporarily unavailable.
While Hollywood would have us believe that security breaches are the work of a single hacker behind a computer, in reality, hacking is more often than not the work of a group of hackers. Several hacking groups have made themselves notorious through their efforts to bring down the IT infrastructure of notable companies around the world.
One example is Evil Corp – a Russian-based hacking group that was allegedly the mastermind behind a recent ransomware attack on Garmin. Garmin is a Swiss-based company and a pioneer in GPS technology, which it provides for automobiles, marine vehicles, smartwatches, and more.
What is Ransomware?
Ransomware is one of the deadliest types of malware. More common types of malware such as viruses and worms infect a system, corrupt and make multiple copies of user files, and spread to other systems via external drives and local networks. Such malware can be cleaned out with a capable anti-virus, but ransomware locks you out of your precious data.
It encrypts files, making them unavailable to you without the decryption key. The attacker will demand ransom – typically in cryptocurrency – to hand over the decryption key.
Malware can reach you by email through phishing attempts that trick you into downloading a file or visiting a link. But incidents like the Garmin ransomware attack require much more concentration and time. Hacker groups devote time to learning about the company’s security system and what defenses it has in place. After spotting a vulnerability or deploying malware on a system, they can initiate the attack.
Garmin Ransomware Attack of 2020
In the latter days of July 2020, Garmin’s systems went offline or were at least affected to some degree. That includes its GPS service, website, customer service, and internal systems. The Garmin services affected included Garmin Connect, FlyGarmin, FitPlan, and Garmin Aviation. Garmin issued a press release that informed the general public of a cyber attack on the company.
The cyberattack left users frustrated without access to their fitness apps, and even pilots had trouble downloading the latest navigation data for flights. It took more than a week before Garmin’s systems were fully back online. The resources, the night hours, and the public outcry are all part of what follows a cyberattack.
In Garmin’s case, user information was not stolen; otherwise that would have been an even bigger issue. Stolen user data collected through cyberattacks goes on sale on the Dark Web. We are talking about millions and billions of user accounts with email addresses and even credit card information. The information is used for credential stuffing, which is why every service promptly asks its users to change their passwords.
Garmin never explicitly named the malware, only referring to the encrypted nature of its systems after the cyberattack. Various sources have confirmed that the malware in question is WastedLocker. The ransomware is said to be the product of the hacker group Evil Corp. One report confirmed through independent research that the ransomware was indeed WastedLocker and that Garmin had acquired the decryption keys by paying the ransom.
Such is the nature of ransomware. Because encryption relies on complex maths, even modern computers would take billions of years to crack it through brute force. The difficulty of finding the right key grows as more bits are added to the key.
The U.S. Treasury put sanctions on dealing with WastedLocker. The sanction blocks any US-based company from paying ransom to the hacker group for the decryption keys. But Garmin did retrieve the decryption keys, which is only possible by paying the ransom.
How to be Safe Against Malware
Big tech companies like Garmin invest millions of dollars in protecting the business. But luckily, for you – the user – it’s only a matter of a couple of dollars and some practices that can help you stay safe.
Use an Anti-Virus
Malware comes in different types, and one may be more dangerous than another. Invest in an anti-virus that is capable of dealing with all types of malware, and one that is updated regularly with new malware signatures. An anti-virus will scan downloaded files, webpages, email attachments, and links.
Recognize Phishing Scams
Phishing is a fraudulent technique designed to trick you, often by instilling a sense of urgency. An email notifying you of account suspension or a password reset email that you never requested are signs that something is fishy. Note the sender’s email address; you will find some discrepancy. If you are in the finance department in a company and a payment request has been made by a vendor or even the CEO, always confirm personally or through a phone call.
Protect Yourself on Unsecured Networks
The web today mostly uses HTTPS to secure sessions, but not all websites have transitioned to it. Moreover, public Wi-Fi hotspots are weak when it comes to security. Man-in-the-Middle attacks can target you through fake access points. It’s easy for someone with adequate knowledge to sniff data packets flowing out of your device.
FastestVPN’s encryption is a feature that’s enabled when you connect to any server. It prevents third-party intervention while also keeping your activity private.
There is more than one way hackers target an entity or user. Some attacks could be due to vulnerabilities planted through malware, while others could be zero-day exploits. Security experts work tirelessly to bring new threats to the general public’s attention. A good way to prevent cyber attacks is to stay updated on incidents such as the Garmin ransomware attack.