
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Garmin Suffers Massive WastedLocker Ransomware Attack

July 27, 2020 By Marc Laliberte


Last Thursday, the GPS and smartwatch firm Garmin suffered what was allegedly a massive, system-wide ransomware attack, forcing them to take down all of their services, ranging from their apps to their support call centers. While Garmin has been tight-lipped as to the cause of the outage, multiple publications have reported that the company was targeted by WastedLocker, a relatively new ransomware campaign that researchers at NCC Group have attributed to the hacking collective known as Evil Corp. Evil Corp was previously responsible for the Dridex banking malware and BitPaymer ransomware.

As of Monday, Garmin is slowly bringing many of their services back online. It’s not yet known whether they paid the reported $10 million ransom demand or were able to recover from backups, but the 4 days of downtime doesn’t bode well considering the affected services included their aviation database.

Evil Corp primarily distributes WastedLocker through the SocGholish fake update framework, which presents a fake browser update page to trick users into downloading a malicious JavaScript or PowerShell file. SocGholish contains code to gather information on the victim’s computer, including whether or not it is a part of a wider network, before delivering a malicious payload. Malicious SocGholish domains often use HTTPS encryption to evade detection. To catch SocGholish, WastedLocker, and other modern threats, make sure you’ve enabled HTTPS inspection on your network perimeter and have multiple layers of malware detection that can identify and block threats before they reach your endpoints. Back those tools up with user training to identify common phishing techniques like fake updates.


Filed Under: Editorial Articles Tagged With: cyber security, Hacking, Infosec news, ransomware
