WastedLocker ransomware behind Garmin’s shutdown

Evil Corp's WastedLocker ransomware is confirmed to be behind the shutdown of Garmin's services and call centers last week.

Jul 28, 2020


According to BleepingComputer, Garmin, the wearable device maker, shut down its call centers and connected services during a worldwide outage that began last Thursday, 23rd July 2020. It is confirmed that the disruption was the result of a WastedLocker ransomware attack.

Garmin is a company that manufactures GPS systems and wearable devices for those working in the aviation, marine, automotive, and fitness industries.

Many services used by those in the aviation industry are currently down. These include the flyGarmin website and app, Connext services (weather, CMC, and position reports), and Garmin Pilot Apps (FltPlan, account syncing, and data concierge). Garmin Explore, which is used for GPS navigation, logistics, and location sharing, is also currently down.

Garmin’s website offered the following statement:

The issue was first raised by Garmin’s Indian Twitter account before its main Twitter and Facebook accounts acknowledged the outage.

WastedLocker was found to be behind the attack the next day

Garmin employees later confirmed to BleepingComputer that the shutdown was due to a WastedLocker ransomware attack. They had first learned of the attack when they arrived for work on Thursday morning. The IT department tried to shut down all computers. This did not work. They proceeded to shut down whatever systems they had access to.

One of the employees shared an image with BleepingComputer. The picture shows encrypted files on a Garmin computer with the garminwaster extension appended to the file names. Ransom notes were attached to the data as well.

Garmin ransomware attack

BleepingComputer did some research and located the same WastedLocker ransomware sample that was found on the Garmin computers. With access to the sample, they were able to generate the same ransom notes and encrypted files as mentioned earlier. Rumours suggest that the hackers behind the attack are demanding a ransom of $10 million. However, this is unconfirmed.

Evil Corp is the group behind the WastedLocker ransomware. They have been around since 2007. The US Treasury Department has sanctioned them and claimed that Evil Corp is responsible for more than $100 million in damage.

Evil Corp uses its WastedLocker ransomware to attack large corporations and demand ransoms of millions of dollars. They were blocked last month during an attempt on major US corporations. Amongst those targeted were Fortune 500 companies. They did eventually manage to compromise the devices of employees of more than 30 major US private firms through a fake software update.
