WastedLocker Ransomware Implicated in Outage of Garmin Connect and Call Center Services
Garmin is suffering a widespread outage in what appears to be a WastedLocker ransomware attack. The company’s Garmin Connect services and call center are offline for a second day. Garmin makes GPS-enabled wearables and navigational software.
The cyber attack impacts the Garmin Connect website. Garmin makes applications for wearables and navigation devices that can use offline maps when there is no internet connection. These applications can still function if maps were downloaded previously.
However, any device that relies on a data connection to update maps is not working. iWatches, Fitbits, and other devices that rely on connectivity to sync data with Garmin Connect are only showing a “server maintenance” message at this time. Aviation maps cannot update, and current weather reports are not available.
Other corporate services are also affected – call centers cannot receive calls, emails, or online chat requests for support.
As of Friday, a note on the company’s website says “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”
The corporate website is running.
Their Twitter account has a pinned Tweet from yesterday informing customers of the outage. No updates have been added so far today.
Some Reddit users are saying WastedLocker is the ransomware used in this attack. WastedLocker is known for its high ransom demands – anywhere from $500,000 to over $10 million in Bitcoin, which is millions of USD.
Evil Corp is the threat actor group that uses it to attack companies. They are believed to be a group of Russian hackers who mostly target US businesses. Evil Corp is also responsible for Dridex and BitPaymer malware. WastedLocker ransomware was first seen in May 2020, according to cyber security researchers at Malwarebytes. Each attack uses a customized build.
Evil Corp does not exfiltrate stolen data to publish it online or sell it on dark web marketplaces when victims won’t pay the ransom. According to Malwarebytes, there is no way out if this ransomware has invaded your network.
How to Defend against WastedLocker ransomware
This ransomware is customized for each target corporation. One of the methods used to deploy this malware is a fake update notification.
- Make regular backups and store them offline.
- Malwarebytes anti-malware software detects WastedLocker ransomware as Ransom.BinADS. You can check Malwarebytes plans on their website.