Garmin held ransom for $10 million in cyberattack
https://www.forbes.com/sites/barrycollins/2020/07…
Barry CollinsContributor
Consumer Tech
"Garmin is reportedly being asked to pay a $10 million ransom to free its systems from a cyberattack that has taken down many of its services for two days.
The navigation company was hit by a ransomware attack on Thursday, leaving customers unable to log fitness sessions in Garmin apps and pilots unable to download flight plans for aircraft navigation systems, among other problems. The company’s communication systems have also been taken offline, leaving it unable to respond to disgruntled customers.
Garmin employees have told BleepingComputer that the company was struck down by the WastedLocker ransomware. Screenshots sent to BleepingComputer show long lists of the company’s files encrypted by the malware, with a ransom note attached to each file."
The ransom note tells the recipient to email one of two email addresses to “get a price for your data”. That price, Garmin’s sources have told BleepingComputer, is $10 million."
Isaiah_53_5, hey, look at the bright side, at least you didn't get a ton of monkey shit thrown at you...here is my best guess on threads that might be helpful:
Fingers crossed that one of those helps you.
Playboy Russian hacker holds Garmin to ransom: Lamborghini driving 33-year-old who runs 'EVIL CORP' and has $5m FBI bounty on his head has crippled the firm with millions of users for fifth day - and wants $10m to restore it
https://www.dailymail.co.uk/news/article-8562805/Will-Garmin-pay-10-Mil…
Bad look for the company. They should've been able to wipe their hard drives clean and restore their data from offline backups. But they didn't make backups, and now the only way to get their files back is to pay. .
The forensic IT guy I talked to during our encounter said to NEVER PAY. Do you really think an anonymous thief will play fair? That $10M just became $20M after the first payment.
I mean of course there's the whole "We don't negotiate with terrorists" approach, but at the end of the day a few millions of $ isn't much compared to the dramatic loss of revenue that would ensue if the company were to lose access to its customer database and other critical files. That's why IT experts tend to tell companies not to pay, but companies still pay because if they don't they'll lose way more than 10 millions. There are even consultants specialized in helping companies pay such ransoms.
The example you posted below is not particularly relevant, because you assume that the FBI is indeed able to arrest the thief. Large-scale ransomwares, such as the one targeting Garmin, are operated by professionals who know how to avoid leaving traces (no black magic honestly, the kid in your story was just dumb as rock). In most cases, there's no way to find the author of the ransomware and obtain from him the key to decrypt the files.
Increasing the ransom after a first payment is also a proof of total amateurism, because it is strategically non-optimal: if this behavior were generalized, companies wouldn't pay at all, and people behind those ransomwares wouldn't make any money at all. I've actually read if I remember correctly an article written by security researchers saying that something like 70-80% of all ransomwares actually allowed infected victims to decrypt their files once the payment was made.
Id odit aut odit veniam et. Ipsam sapiente minus excepturi ipsa corrupti qui repellat beatae. Incidunt sit adipisci rerum consequuntur. Vero reiciendis doloribus provident quis cumque exercitationem. Aliquid facilis aut non reprehenderit consequatur fuga. Vero numquam non ut quia porro.
See All Comments - 100% Free
WSO depends on everyone being able to pitch in when they know something. Unlock with your email and get bonus: 6 financial modeling lessons free ($199 value)
or Unlock with your social account...
Cum beatae et quasi ipsa qui tempore reiciendis assumenda. Aliquam exercitationem itaque sunt est necessitatibus et. Reiciendis amet libero illo aut est excepturi. Ducimus delectus eum distinctio iure non minima.