Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Security Businesses Technology

Garmin Reportedly Paid Millions To Obtain Decryption Key, Resolve Recent Ransomware Attack (digitaltrends.com) 61

Garmin has reportedly paid a ransom to receive a decryption key to recover its files, after they were hit by the WastedLocker Ransomware last month. Digital Trends reports: [BleepingComputer] found that the attackers used the WastedLocker Ransomware and reported that they demanded $10 million as a ransom. Now, it also uncovered that Garmin is using a decryption key to regain access to its files, suggesting that the company may have paid that ransom demand or some other amount. The WastedLocker software uses encryption which has no known weaknesses, so the assumption is that to break it, the company must have paid the attackers for the decryption key. [...] The company reassured customers that no customer data was stolen, and that no payment information from the Garmin Pay payment system was accessed or stolen either.

On Twitter, the company announced last week, "We are happy to report that many of the systems and services affected by the recent outage, including Garmin Connect, are returning to operation. Some features still have temporary limitations while all of the data is being processed."

This discussion has been archived. No new comments can be posted.

Garmin Reportedly Paid Millions To Obtain Decryption Key, Resolve Recent Ransomware Attack

Comments Filter:
  • Is it really that hard? Probably cheaper than ransomware insurance. Or paying the ransom.

    • There could be a Bureau of Ransomware, with yearly taxes and standardized ransom fees.

    • It depends on the backups:
      The backup servers get encrypted and are no longer functional. If data is taken off site, those backups are frequently bad. . The hackers use spearphishing to gain entry into the network. Once there, they drop in a trojan time bomb. When backups are restored, the time bomb goes off re-encrypting the data. It's a whack-a-mole game. The City of Atlanta had off site backups, their ransomware attack took them down for months. As a business, can you be down for month extracti
      • It depends on the backups:
        The backup servers get encrypted and are no longer functional. If data is taken off site, those backups are frequently bad. . The hackers use spearphishing to gain entry into the network. Once there, they drop in a trojan time bomb. When backups are restored, the time bomb goes off re-encrypting the data. It's a whack-a-mole game. The City of Atlanta had off site backups, their ransomware attack took them down for months. As a business, can you be down for month extracting data or do you pay and get it all back.

        The correct answer is no backups are not hard and there is no possible excuse for these fuckups. Computer viruses have been thing for decades.

        • Re: (Score:2, Interesting)

          by sdinfoserv ( 1793266 )
          Either you didn't read what I wrote, or you didn't comprehend it. Let me put it in small concepts for you. Todays attack vectors are intelligent enought that we live in a world were backups don't matter. Backups save you from hardware failures, but if you need your data back fast from an encryption attack - you pay. period. Unless you work in the security information technology field, you have nothing to say of substance.
          To restore, you have to rebuild the infrastructre machine by machine - restorti
          • by hjf ( 703092 )

            Or use a proper IT infrastructure.

            Re-image all affected computers. This is a breeze with stuff like Norton Ghost which has also been a thing for, literally, decades now.

            And since your user data is stored in a centralized server, which has proper snapshotting and backups, ransomware attack is as easy to recover as doing a rollback.

            It's REALLY not that difficult. But companies won't spend in that. Because they won't go for a homegrown solution, and commercial solutions necessarily cost millions, which compan

            • I don't see how an enterprise that is doing thousands of transactions all the time can just "roll back" to a prior state. Imagine if the bank said "we had a problem so we just lost all the debits and credits to your account for the last 72 hours."
              • by hjf ( 703092 )

                So, since you can't "roll back" 72 hours then you just can't back up at all?

                Filesystem snapshots are almost free. You can have 1 snapshot a minute if you want.

              • In addition to the snapshots you're also logging all transactions to an append-only journal on an air-gapped computer, over a simple serial-style connection using a protocol which doesn't allow for executable code or anything else besides the raw transaction data. So after rolling back the servers as far as necessary to deal with the ransomware problem you can just replay the transaction log to restore all the missing entries.

                Ideally all your live data would go through this logging system first so that you

    • Depends. No backup for 20 years, no maintenance contract / staff / data center... saves certainly more than $10m.
  • Way to go, Garmin. I am not buying any products from a company that is as sloppy as all this.
    • Maybe they "do" backups, only to realize that the saved data is not there when they need it, as it happens in many companies all the time. They also need to test the backup system on a regular basis.
  • by bloodhawk ( 813939 ) on Monday August 03, 2020 @06:00PM (#60362625)
    "The company reassured customers that no customer data was stolen, and that no payment information from the Garmin Pay payment system was accessed or stolen either." how can a company so incompetent in managing their IT make any such statement with certainty?
  • I can't believe all these big name companies that pay the ransom. That kind of gross incompetence needs to be punished with firings. Start at the top and go down until you hit the level of folks that don't have access or say in the backup process.

    Unreal. The first thing you do when you start a new IT job is find out about the backups, and test them yourself so you know they're working. Then you continually test them. I would expect that from an intern, nevermind an admin or the managers above them.

  • Terrible trend (Score:5, Informative)

    by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Monday August 03, 2020 @06:07PM (#60362647) Homepage Journal

    Bush Senior's Foundation just cowered similarly [washingtontimes.com].

    This is a terrible trend, that finances criminals enabling them to target more and more victims... I'd go as far as to suggest, this makes them an accessory, however unwilling, to future crimes by the same assholes...

    • That wasn't exactly the same thing. The Bush Center paid to have the criminals destroy and not leak the personal information of donors.
      • Re:Terrible trend (Score:5, Informative)

        by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Monday August 03, 2020 @06:21PM (#60362687) Homepage Journal

        That wasn't exactly the same thing.

        Of course, it was. They surrendered to the criminals' demand — paying them money to avoid additional harm.

        The Bush Center paid to have the criminals destroy and not leak the personal information of donors.

        Distinction without difference. Criminals were still rewarded for their crimes, making new crimes more likely.

        • The George W. Bush Presidential Center sounds like the opening line to a joke.
        • The Bush Center paid to have the criminals destroy and not leak the personal information of donors.

          Distinction without difference. Criminals were still rewarded for their crimes, making new crimes more likely.

          Well, that was a kind response.

          I was more thinking along the lines of "And you were stupid enough to believe them?"

          (Hackers) "Pay us and we'll delete that uber-sensitive private data. We pinky swear!"

          Fucking seriously? This is a whole new level of ignorant. Rest assured we'll see this data for sale soon, which will reward them again.

        • So to you, there is no merit in doing something to protect someone else vs. doing something for your own convenience. Good to know.
          • by mi ( 197448 )

            "Protect own convenience" is what Garmin did. In order to protect someone else they should've refused to pay the ransom...

  • Yes, I know, Dane-geld and all that. And I agree. But no one who is a victim of a crime is obligated to take the fight to the criminals in order to theoretically deter other criminals in other places, especially not when that also involve letting your business go belly-up in the process.
    Their security and backup procedures are crap, no argument, but if you want to punish them, punish them for that, not for the payout.

    • Yes, I know, Dane-geld and all that. And I agree. But no one who is a victim of a crime is obligated to take the fight to the criminals in order to theoretically deter other criminals in other places, especially not when that also involve letting your business go belly-up in the process.
      Their security and backup procedures are crap, no argument, but if you want to punish them, punish them for that, not for the payout.

      Why I can go to jail for selling shit to various countries and organizations and yet people knowingly aiding and abeding a criminal enterprise are immune from being fined and or hauled off to prison? This makes no sense to me and I don't support it. Anyone who pays deserves to be fined and or rot in jail.

      • by Corbets ( 169101 )

        Someone puts a gun to your daughter’s head and demands your wallet. Would you pay?

        I’m not saying the scenarios are functionally equivalent, but these situation so are shades of grey, not black and white. Survival of the company may be on the line. Does it make more sense for the company to collapse and all their employees to lose their jobs?

        I don’t know, and I suspect you don’t either.

        • urvival of the company may be on the line.

          That is easily fixed: if they pay, the company should be dissolved for supporting criminal activity. Survival should not be an option.

    • by Dunbal ( 464142 ) *
      The payout is a direct consequence of their (lack of a sensible) backup policy. What should have been a loss of a few hours, a day, a week turned into holding the entire corporation hostage. You cannot get more irresponsible than that. Well hopefully they will learn from this mistake and re-design their contingency plans because they just painted a big bullseye on themselves.
  • And that is called paying the Dane-geld;
    But we've proved it again and again,
    That if once you have paid him the Dane-geld
    You never get rid of the Dane.

  • Comment removed based on user account deletion
  • Garmin Connect is still down. You can get the login screen, but no further, it goes to the "Garmin Maintenance" screen.

    It's been a full week since they announced that "services affected by the recent outage, including Garmin Connect, are returning to operation." This was, and still is, complete bullshit.

  • So did Garmin really drop the ball here or are these hackers really that sophisticated? It seems crazy to me that both their internal network and all the user data were taken down simultaneously. Like, itâ(TM)s one thing for all the workers to get taken out, but all their online data and critical manufacturing information as well?

    Can you not make sufficiently comprehensive backups to avoid this? What about using a cloud service? Or does Garmin run itâ(TM)s own data centre? Itâ(TM)s worrying t

    • Yes, they were that good.

      Most aren't but this group only targets deep pockets and does extensive APT analysis, ready to react to any defenses.

      You better have your backup systems OOB and deeply rotated offline.

      Garmin may have been remiss in their security but only perfect will cut it if you've been targeted by wealthy organized crime (civilian or public sector).

      Also, Garmin may have violated sanctions by paying this, so somebody could be looking at jail time. Hopefully not the kid they're planning to pin i

  • I wish one day will come with a story about these thugs being arrested.
  • We either lose $15m recovering the last known backups from 60-90 days ago and have to put the whole of our IT back together ( overtime payments, hire in new people, etc ).

    OR

    We just pay these guys their $10m and get back on track with only a week or two of lost revenue and data.

    They're still the scum of the earth of for pulling this scam and Garmin have now legitimized a company paying a ransom to save itself. This will only spur on other scammers to toughen up their game and push for bigger targets. Howeve

  • So, they believe that had the security controls in place to track and identify data theft, but they lacked either the tools to prevent it... or simply to have reliable backups of the data?

    I see this crap online all the time. If your company has ever lost data, it is because your IT staff is stupid. There is absolutely no possible reason that satisfactorily justifies poor backups. This is 2020 and any production system anywhere should have transactional based backups. This is not a challenge. If you run any
  • I'm starting to think the best option is to make it illegal to pay these kinds of ransoms.

  • I love how the police are nowhere to be seen in any of these stories. They wouldn't even know how to begin investigating something like this. Such incompetence everywhere. (Our company had a ransomware infection, and we restored from backups. Took about 2 days to clean it all up.)

Genius is ten percent inspiration and fifty percent capital gains.

Working...