Garmin down: What is ransomware, why is it so damaging, and what is Evil Corp?

A recent attack on Garmin encrypted files, with the attackers reportedly holding them hostage until they received a substantial payment

Adam Smith
Tuesday 28 July 2020 15:06 BST
Fitness giant Garmin is experiencing a global outage that seems to be caused by a ransomware attack.

The attack resulted in the company having to shut down its connected services and call centres.

However, Garmin is not the only company to be the target of a ransomware attack. Other organisations, including the NHS and Honda, have been the subject of attacks.

Ransomware is dangerous and can attack at any time if companies and users do not take the necessary precautions to protect themselves.

What is ransomware?

Ransomware is sent by malicious individuals to organisations in order to encrypt their data. The malicious individuals threaten to only decrypt the data if the organisation pays them a ransom, usually via cryptocurrency.

With regard to the recent Garmin attack, the hackers encrypted company files and have reportedly demanded $10 million, although that has yet to be confirmed.

In many cases, if the hackers do not receive their funds, the price will increase. Eventually, the files could be deleted.

What is 'WastedLocker'?

While Garmin has not officially confirmed the cause of the attack, multiple news outlets have reported that it was caused by the WastedLocker ransomware, according to Garmin employees as well as sources purportedly close to the attack.

It is reported that Garmin’s IT department attempted to remotely shut down all computers on the network, which caused the global outage.

WastedLocker attacks are operated by an organisation known as Evil Corp, which is believed to be located in Russia. Such attacks are usually directed towards specific companies and could demand up to $10 million, according to Malwarebytes.

How do I get ransomware?

Ransomware can be obtained through several methods. The most common is unsolicited emails with dangerous attachments that disguise themselves as innocuous images or documents.

Cybercriminals can also use social engineering – pretending to be other users – in order to hide their true intentions. This includes purporting to be a government service, for example, in order to scare users into paying.

There is also a variation called “leakware” in which the hacker threatens to publish personal information about a victim if they are not paid, but this is less common than standard ransomware due to the difficulty in finding such information.

Malware can also be spread through advertising. A malicious ad could send harmful files to a user’s computer without their knowledge, or redirect people to criminal servers.

In 2018, YouTube ads hijacked computers to make them mine the Monero cryptocurrency, using the computers’ processing power.

Some ransomware can be powerful enough to infect computers without having to deceive users. NotPetya, which attacked IT systems in Ukraine, used a security vulnerability in order to spread carnage.

How can I protect myself from ransomware?

The best offence is a good defence; the best way to protect people from ransomware is to stop them getting it in the first place.

Using a strong cybersecurity suite is vital in protecting yourself from malicious files and adverts, as these programmes can detect issues before users can.

It is also important to back up your data regularly, to ensure that any files which may be encrypted or deleted are not irretrievable.

Ensuring that all your systems remain up to date is also good practice. The WannaCry ransomware attack which blighted the NHS was due to a hole in Microsoft software from 2017.

Although the security issue had been patched, many people had not installed the update and therefore left themselves vulnerable to attack.

It is also important to not install software or give it administrator rights unless it comes from a reputable source.

Is ransomware more common on Macs or PCs?

Ransomware is generally more common on computers running Microsoft Windows than it is on Apple’s macOS operating system, although Apple computers can still be infected by ransomware.

There is a myth that Apple computers are harder to hack, but in fact the reason ransomware is less common on MacBooks is simply due to market share.

While MacBooks make up approximately 20 percent of laptops in the UK, HP is the most common brand, which uses Microsoft Windows. Acer, Lenovo, Dell, Toshiba and Asus are the next five most common brands, all of which are PCs.

As such, it has simply been less rewarding for hackers to develop software for the Apple market. However, as MacBooks are more expensive than PCs and as Apple’s market share grows, that may change as hackers target more common, wealthier users.

What should I do if I get ransomware?

One of the most important things a victim can do if they have been caught by a ransomware attack is not to pay the hackers. That simply encourages criminals to attack them again.

Moreover, it is not guaranteed that every ransomware will unlock the files after payment.

Finding and using strong ransomware remediation software from a reputable company is the best way to deal with the infection. Although the files may not be recoverable, the actual ransomware will be ousted from the computer.