Garmin down: What is ransomware, why is it so damaging, and what is Evil Corp?
A recent attack on Garmin encrypted files, reportedly holding them hostage until they received a substantial payment
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Fitness giant Garmin is experiencing a global outage that seems to be caused by a ransomware attack.
The attack resulted in the company having to shut down its connected services and call centres.
However, Garmin is not the only company to be the target of a ransomware attack. Other organisations, including the NHS and Honda, have been the subject of attacks.
Ransomware is dangerous and can attack at any time if companies and users do not take the necessary precautions to protect themselves.
What is ransomware?
Ransomware is sent by malicious individuals to organisations in order to encrypt their data. The malicious individuals threaten to only decrypt the data if the organisation pays them a ransom, usually via cryptocurrency.
With regards to the recent Garmin attack, the hackers encrypted company files and have reportedly demanded $10 million, although that has yet to be confirmed.
In many cases, if the hackers do not receive their funds, the price will increase. Eventually, the files could be deleted.
What is 'WastedLocker'?
While Garmin has not officially confirmed the cause of the attack, multiple news outlets have reported that it was caused by a WastedLocker ransomware according to a Garmin employees as well as sources purportedly close to the attack.
It is reported that Garmin’s IT department attempted to shut down remotely all computers on the network, which caused the global outage.
WastedLocker attacks are operated an organisation known as Evil Corp, which is believed to be located in Russia. Such attacks are usually directed towards specific companies and could demand up to $10 million, according to MalwareBytes.
How do I get ransomware?
Ransomware can be obtained through several methods. Most commonly is through unsolicited emails with dangerous attachments that disguise themselves as innocuous images or documents.
Cybercriminals can also use social engineering – pretending to be other users – in order to hide their true intentions. This includes purporting to be a government service, for example, in order to scare users into paying files.
There is also a variation called “leakware” in which the hacker threatens to publish personal information about a victim if they are not paid, but this is less common than standard ransomware due to the difficulty in finding such information.
Malware can also be spread through advertising. A malicious ad could send harmful files to a users’ computer without their knowledge, or redirect people to criminal servers.
In 2018, YouTube ads hijacked computers to make them mine the Monero cryptocurrency, using the computers’ processing power.
Some ransomware can be powerful enough to infect computers without having to deceive users. NotPetya, which attacked IT systems in Ukraine, used a security vulnerability in order to spread carnage.
How can I protect myself from ransomware?
The best offence is a good defence; the best way to protect people from ransomware is stopping them get it in the first place.
Using a strong cybersecurity suite is vital in protecting yourself from malicious files and adverts, as these programmes can detect issues before users can.
It is also important to back up your data regularly, to ensure that any files which may be encrypted or deleted are not irretrievable.
Ensuring that all your systems remain up to date is also good practise. The WannaCry ransomware attack which blighted the NHS was due to a hole in Microsoft software from 2017.
Although the security issue had been patched, many people had not installed the update and therefore left themselves vulnerable to attack.
It is also important to not install software or give it administrator rights unless it comes from a reputable source.
Is ransomware more common on Macs or PCs?
Ransomware is generally more common on computers running Microsoft Windows than they are on Apple’s macOS operating system, although Apple computers can still be infected by ransomware.
There is a myth that Apple computers are harder to hack, but in fact the reason ransomware is less common on MacBooks is simply due to market share.
While MacBooks make up approximately 20 percent of laptops in the UK, HP is the most common brand, which uses Microsoft Windows. Acer, Lenovo, Dell, and Toshiba, and Asus are the next five most common brands, all of which are PCs.
As such, it has simply been less rewarding for hackers to develop software for the Apple market, however as MacBooks are more expensive than PCs and as Apple’s market share grows, that may change as hackers target more common, wealthier users.
What should I do if I get ransomware?
One of the most important things a victim can do if they have been caught by a ransomware attack is not to pay the hackers. That simply encourages criminals to attack them again.
Moreover, it is not guaranteed that every ransomware will unlock the files after payment.
Finding and using strong ransomware remediation software from a reputable company is the best way to deal with the infection. Although the files may not be recoverable, the actual ransomware will be ousted from the computer.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments