Ransomware: a real danger to businesses

Ransomware attacks are proving to be one of the most fearsome practices of cyber criminals these days. For those still unfamiliar with the term, “ransomware” is a type of malware created to restrict access to data on the device it infects, so that attackers can demand a ransom to remove the malware and unlock the system. On small infrastructures this is a problem that can be solved if you have a complete backup of your servers; on large infrastructures, however, the situation becomes difficult to handle. In either case, the real issue is the lockdown time, i.e., how long the company or government will have to remain offline (often halting production or service delivery), which could ultimately prove more costly than the ransom demanded. At the programming level, next-generation ransomware proves, in most cases, to be extremely advanced. Recently, a next-generation ransomware called VHD was discovered that is distinguished by its ability to self-replicate (not just propagate) by attacking the infrastructure of the intended victim.

The Garmin case

Even illustrious names in information technology have fallen victim to these kinds of attacks. The latest is Garmin, the U.S. brand known for navigation systems for cars, boats, aviation, and more recently personal connected devices, including smartwatches and smart bands for sports activities. The company was hit by a ransomware attack that apparently breached a small Asian facility, then spread to part of the company’s infrastructure, forcing the tech giant to shut down most of its servers and computers. The situation proved so serious that Garmin had to resort to what is called a “hard shutdown,” or a total shutdown of the entire infrastructure, to halt the advance of the malware and determine which areas were affected. Fortunately, it appears that there was no data breach and user data remained untouched. It was undoubtedly a blow to Garmin, since most of its current production is based on connected devices, which rely on Garmin Connect technology to synchronize training sessions, location and data management. The biggest issue, however, concerns Garmin Pilot for aviation and the inReach satellite system, which provides global coverage as well as GPS tracking, distress alerts, and the Iridium satellite phone network. Fortunately, these were the first systems to be restored, and quickly.

Evil Corp

According to the latest information, the attack was carried out with the fearsome WastedLocker ransomware, created by the Russian cybercriminal group Evil Corp. When WastedLocker infects a server, every file it encounters is encrypted and scrambled, making it inaccessible until it is unlocked, which usually occurs after payment of a ransom. This has put Garmin in a critical position, because it cannot pay any ransom without incurring sanctions from the U.S. government, which long ago classified Evil Corp as a criminal organization. For its part, the company stated in an official report that its computer system was the victim of an attack that penetrated some of its servers, and that the computer forensic experts handling the case have found no evidence that user data, including Garmin Pay payment information, was hacked. The functions of Garmin products were not compromised, except for the ability to upload and share services online at Garmin Connect. The servers are being restored and the company expects to return to normal operation in the coming days.

A high cost

When everything returns to normal, one may ask: how much did this misadventure cost Garmin? In addition to the damage to its image, there were days of downtime and huge costs to restore all functions. The episode once again underscores how crucial security investments and the Vulnerability Assessment practices we have already covered in these articles are. As highlighted by Hypergrid’s experts, these procedures, together with penetration testing, represent to all intents and purposes a real barrier against cyber attacks: in addition to analyzing the vulnerability of the infrastructure, they make it possible to simulate cyber attacks against a given target in order to test its defenses and critical points and highlight a particular flaw. Naturally, once a possible vulnerability has been identified, the team is able to propose solutions to remedy it.

For advice and information, please feel free to contact us at info@hypergrid.it
