Garmin received decryptor for WastedLocker ransomware (opens in new tab)

(bleepingcomputer.com)

33 pointsnl58875y ago26 comments

26 comments

I'm still hopeful that Garmin is prosecuted for paying the random. The us is actually sanctioning evil Corp. https://slate.com/technology/2020/07/garmin-cyberattack-rans...

I even have a Garmin device affected by this. I still want ransomware stopped.

sharken5y ago

Ransomware that is a result of users clicking on update notices they should not click is very hard to protect against. Even Stuxnet was successful in crossing over to a separate network through the use of USB sticks. Source: https://en.m.wikipedia.org/wiki/Stuxnet

I get the sentiment that Garmin should suffer due to paying the ransom, but I bet a lot of american companies would act the same way if it was their company on the line.

At least this incident should serve as a warning to other companies that Ransomware is very real and there has to be a plan for recovery without paying the ransom.

NotSammyHagar5y ago

Those companies should have backups. If this was say a mafia type org that was going to kill people if they didn't pay up, it would be clearly wrong. If someone said they'd cut your internet links if you don't pay, it might be more obvious this extortion payment is wrong. And this can be defeated by having backups.

Simulacra5y ago

Since GARMIN is a publicly traded company, couldn’t an investor demand to know if the money was paid, and if they don’t get an answer, they could go to the SEC? Could they sue?

wjnc5y ago

Interesting question. The dynamics surrounding which questions get proper answers in shareholder meetings is always interesting to me. There is no right way and bullshitting certain questions is an art. On grounds of material impact this question is hard to skip an answer to. Perhaps the payoff wasn't that material in the end, but the hack was. So even a small fry shareholder could ask this in the shareholder meeting and expect an answer. Skipping to answer good questions often leads to more in the future, so that's the balance the CEO and investor relations face. One could always reach out to analysts to try and get some critical mass going.

mytailorisrich5y ago

I would think that it will be duly included in the company's financial statements, so that the material impact of this overall is duly reported. But obviously there will be no reference to any ransom.

I would also suspect that they never paid any ransom. They probably only paid consulting fees to security/ransomware experts (wink wink).

anitil5y ago

There is the Matt Levine answer to this which is 'Everything is Securities Fraud' [0]. He claims this is partially because securities law is broad and relatively functional, violations of other laws end up being pursued under securities law.

[0] https://www.bloomberg.com/opinion/articles/2019-06-26/everyt...

mint25y ago

I’m curious if the average company even bothers planning/testing their ability to recover from a ransom ware attack wo paying.

Like do they even bother planning for that or are they unaware of the risk or did they decide it’s more cost effective to purely rely on prevention and plan to pay any ransom.

I feel like there should be a regulation, where if they pay the ransom then they get a penalty of 2-5x the ransom charged.

akmarinov5y ago

I bet they’ll start investing in backup solutions right about now.

hibbelig5y ago

I recall a story here on HN, some days ago. A company was attacked, then the attackers waited some months to make sure that all backups had been contaminated, then they struck.

So victims can only make sure that they have a malware checker that finds the culprit, then do fresh installs, then check each file before it's restored from backup. Sounds like a crazy amount of work.

andreareina5y ago

Immutable append-only backups would protect against this, right? Nuke the OS to make sure you're running on good software, then pull in data that's as good as it was when it was backed up.

2 more replies

lonelyasacloud5y ago

How would restoring from backups also not risk restoring whatever it was that broke their world at the same time?

beagle35y ago

Proper backup does data independently from code, and proper devops is to always do an install from trusted source.

It is unfortunately very rare to find this in practice - everyone seems to be happy with just snapshotting live systems as a backup these days; and it works well enough as long as there is no lingering systemic corruption of data.

(And .... Excel, by mixing data with potentially malicious code, is beyond redemption. But good luck quarantining that in a modern suit controlled company)

145y ago

To me the fascinating part is that with the ransom payment they received the decrypt key as well as the security system patches needed to protect the system. However I would be very nervous that the hacker didn’t leave something behind but perhaps they would rather a good reputation and not risk losing payment for the next attack.

mpnordland5y ago

Given the references the author found to apparently reputable ransomware recovery firms, my reading is that the decryptor was built by one of those companies using the key provided by the intruder.

ergwwrt5y ago

have to keep them on a subscription model. provide the antidote to the manufactured problem. oh wait...

mkj5y ago

Is Evil Corp their actual name, or just what the US law enforcement called them? https://home.treasury.gov/news/press-releases/sm845

peterlk5y ago

It looks like that's just the name of a group - like anonymous, lulzsec, equation, shadow brokers, etc.

It's likely a nod to Mr. Robot, where the company that the hackers are infiltrating is called Evil Corp.

Crosseye_Jack5y ago

Its E Corp, Elliot call's them Evil Corp (He says in episode 1 iirc, that he basically replaced E Corp with Evil Corp in his own internal dialogue)

amelius5y ago

Real or not, I'll keep using that name as a placeholder for any evil corporation.

Stierlitz5y ago

This would never have happened, if only they used a proper Operating System from a respectable software company.

Crosseye_Jack5y ago

Name that tune!

j / k navigate · click thread line to collapse

26 comments

NotSammyHagar5y ago

I'm still hopeful that Garmin is prosecuted for paying the random. The us is actually sanctioning evil Corp. https://slate.com/technology/2020/07/garmin-cyberattack-rans...

I even have a Garmin device affected by this. I still want ransomware stopped.

sharken5y ago

I get the sentiment that Garmin should suffer due to paying the ransom, but I bet a lot of american companies would act the same way if it was their company on the line.

At least this incident should serve as a warning to other companies that Ransomware is very real and there has to be a plan for recovery without paying the ransom.

NotSammyHagar5y ago

Simulacra5y ago

Since GARMIN is a publicly traded company, couldn’t an investor demand to know if the money was paid, and if they don’t get an answer, they could go to the SEC? Could they sue?

wjnc5y ago

mytailorisrich5y ago

I would also suspect that they never paid any ransom. They probably only paid consulting fees to security/ransomware experts (wink wink).

anitil5y ago

[0] https://www.bloomberg.com/opinion/articles/2019-06-26/everyt...

mint25y ago

I’m curious if the average company even bothers planning/testing their ability to recover from a ransom ware attack wo paying.

Like do they even bother planning for that or are they unaware of the risk or did they decide it’s more cost effective to purely rely on prevention and plan to pay any ransom.

I feel like there should be a regulation, where if they pay the ransom then they get a penalty of 2-5x the ransom charged.

akmarinov5y ago

I bet they’ll start investing in backup solutions right about now.

hibbelig5y ago

I recall a story here on HN, some days ago. A company was attacked, then the attackers waited some months to make sure that all backups had been contaminated, then they struck.

andreareina5y ago

Immutable append-only backups would protect against this, right? Nuke the OS to make sure you're running on good software, then pull in data that's as good as it was when it was backed up.

2 more replies

lonelyasacloud5y ago

How would restoring from backups also not risk restoring whatever it was that broke their world at the same time?

beagle35y ago

Proper backup does data independently from code, and proper devops is to always do an install from trusted source.

(And .... Excel, by mixing data with potentially malicious code, is beyond redemption. But good luck quarantining that in a modern suit controlled company)

145y ago

mpnordland5y ago

Given the references the author found to apparently reputable ransomware recovery firms, my reading is that the decryptor was built by one of those companies using the key provided by the intruder.

ergwwrt5y ago

have to keep them on a subscription model. provide the antidote to the manufactured problem. oh wait...

mkj5y ago

Is Evil Corp their actual name, or just what the US law enforcement called them? https://home.treasury.gov/news/press-releases/sm845

peterlk5y ago

It looks like that's just the name of a group - like anonymous, lulzsec, equation, shadow brokers, etc.

It's likely a nod to Mr. Robot, where the company that the hackers are infiltrating is called Evil Corp.

Crosseye_Jack5y ago

Its E Corp, Elliot call's them Evil Corp (He says in episode 1 iirc, that he basically replaced E Corp with Evil Corp in his own internal dialogue)

amelius5y ago

Real or not, I'll keep using that name as a placeholder for any evil corporation.

Stierlitz5y ago

This would never have happened, if only they used a proper Operating System from a respectable software company.

Crosseye_Jack5y ago

Name that tune!

j / k navigate · click thread line to collapse