Garmin Ransomware Attack

We decided to write about the Garmin ransomware attack. This post covers what happened, how the attack works, and how to prevent it.

Image by Pete Linforth from Pixabay


If you are one of those people who like to keep track of their fitness activities with the help of online apps, then you might have heard of Garmin; you may even have used it. If so, you may know that Garmin was temporarily taken down by hackers in late July 2020. It literally brought the company's business to its knees. Garmin's services are used in many smartwatches and other wearables. Many users in Asia and other parts of the world were unable to use the app or website to update their activities such as running, bike riding, etc. That is because the owners were forced to shut down the app and the website used for syncing the data.

After a few days, the app and the website slowly started recovering. The users were rightfully happy; however, soon after, rumors started circulating that Garmin had paid a multimillion-dollar ransom to the guilty party. The money was in exchange for the decryption key needed to recover the data, which had been encrypted by malware called WastedLocker. This malware is traced back to Evil Corp, a crime group based in Russia. Evil Corp has been sanctioned by the US Department of the Treasury.

Let’s learn some more about it.

Encrypted data

In the beginning, Garmin talked only about outages. Later, it was revealed that they were the victims of a ransomware attack. This means that most of their data had been encrypted by malicious software, and the hackers demanded money to decrypt it. Garmin later confirmed this news. They also stated that users' data was not compromised or impacted during the attack.


Although Garmin did not confirm the identity of the malware, according to sources close to the attack it was most likely WastedLocker. In an attempt to stop the attack, Garmin's IT department shut down the networked computers, which caused the outage. WastedLocker attacks are mostly carried out by an organization called Evil Corp, which is based in Russia. Ransomware attacks are usually directed at specific companies and organizations, and the hacker group responsible could ask for millions of dollars in exchange for the data. Evil Corp is sanctioned by the US Department of the Treasury, so if Garmin paid the ransom, it broke US law.

Evil Corp

Evil Corp is a cybercrime group based in Moscow, Russia. If the name sounds familiar, that is probably because it is named after a fictional corporation from the hacker-themed series Mr. Robot. This group uses malware to steal money from victims' bank accounts. It is reported that Evil Corp has stolen millions of dollars from hundreds of banks in the last 10 years. Some even consider it the world's largest and most harmful hacking group. Recently, Evil Corp launched an array of attacks on American businesses. According to some sources, 31 companies were targeted, but without success: the attacks were detected and stopped before they could be staged. Law enforcement has pursued Evil Corp with little success. The US government identified the group's leaders in 2019, but they were not arrested.

How did the attack happen?

As reported by Symantec, which detected and identified the malware, it is first downloaded onto an employee's computer. The malware is silently downloaded after the employee clicks on what looks like a software update. Soon after it is downloaded, the malware starts expanding its permissions across the corporate network that the computer is connected to. The malware then encrypts the data, locks the business's employees out, and demands a ransom for the decryption of each file.

The software update prompt that starts this whole process is a JavaScript-based framework called SocGholish. It can be served from any of the roughly 150 legitimate websites whose security has already been breached by Evil Corp. That is why it is very important to never accept a software update offered by a website.
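A defender-side illustration of the fake-update lure described above, added here and not part of the original post: a small Python check that scans constructed web-proxy log lines for completed downloads of update-named script or archive files from hosts that are not approved update sources. The log format, the allowlist of trusted hosts and the sample lines are all assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts from which software updates are legitimately fetched in this environment.
TRUSTED_UPDATE_HOSTS = {"dl.trusted-vendor.example"}

# Downloaded file names that look like a software-update lure ("Chrome.Update.js" etc.).
UPDATE_LURE = re.compile(r"update", re.IGNORECASE)
# Assumption: the lure arrives as a script or as an archive wrapping one.
LURE_EXTENSIONS = (".js", ".zip")

# Assumed proxy log format: timestamp client method url status content-type
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3}) (?P<ctype>\S+)$"
)


def find_fake_update_downloads(log_text, trusted_hosts=TRUSTED_UPDATE_HOSTS):
    """Return entries where a client fetched an update-named script or archive
    from a host that is not an approved update source."""
    hits = []
    for raw in log_text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if not m or m.group("status") != "200":
            continue  # malformed line, or the download never completed
        url = urlparse(m.group("url"))
        filename = url.path.rsplit("/", 1)[-1]
        if not filename.lower().endswith(LURE_EXTENSIONS):
            continue
        if not UPDATE_LURE.search(filename):
            continue
        if url.hostname in trusted_hosts:
            continue  # an update from an approved source is expected traffic
        hits.append({"time": m.group("ts"), "client": m.group("client"),
                     "host": url.hostname, "file": filename})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2020-07-20T09:14:02Z 10.1.4.23 GET https://dl.trusted-vendor.example/agent_update.zip 200 application/zip
2020-07-20T09:15:41Z 10.1.4.23 GET https://news-site.example/wp-content/uploads/Chrome.Update.js 200 application/javascript
2020-07-20T09:16:05Z 10.1.4.57 GET https://news-site.example/style/main.js 200 application/javascript
2020-07-20T09:17:30Z 10.1.4.57 GET https://blog.example/assets/Firefox_Update.zip 200 application/zip
2020-07-20T09:18:12Z 10.1.4.88 GET https://blog.example/assets/Firefox_Update.zip 404 text/html
"""

if __name__ == "__main__":
    for hit in find_fake_update_downloads(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} fetched {hit['file']} from {hit['host']}")
```

A hit is a starting point for triage of that client, not proof of compromise: a legitimate vendor missing from the allowlist produces the same alert.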

Stopping ransomware attacks

Since most large corporations become victims of ransomware attacks, the best countermeasure is to give security awareness training to employees. The training may include telling them never to click on links or open attachments in emails if they don't know exactly who they are from. They should be taught to be suspicious even when they know the sender, as the sender could also have been hacked. Such security training should be given in addition to the regular virus protection training. Usually, up-to-date cloud-based malware detection and protection software will be able to alert you about the threat. If a breach happens despite this, companies that regularly back up their data to offline servers will fare better than those that do not.

Lessons learned from this attack

Just like any big cybersecurity attack, there are lessons to be learned from this one, and they are the following:

  1. Every organization is susceptible to such attacks
  2. Ransomware attacks are timed and directed at specific organizations
  3. These attacks are often very powerful when they target customer operations
  4. An organization that offers more services and products may have a more exposed infrastructure, which is why it can become an easy target
  5. Human error contributes to and enables ransomware attacks
  6. Paying the ransom may fuel future attacks

Protect yourself from malware

Big companies spend millions of dollars to protect themselves from such attacks, but an individual user can stay safe by spending only a few dollars.

  1. Install anti-virus
  2. Avoid phishing scams
  3. Don't use unsecured networks


The ransomware attack on Garmin was big and caused it to shut down temporarily. It did not affect Garmin's market position, but it did expose issues in their network security. Although the app got back on its feet quickly, the incident raised anxieties about future attacks on similar businesses. Rigorous security training of employees is a must if a business owner wants to stay safe from such attacks. It is also important to regularly back up data to offline servers.
