It has been over a week since hackers crippled Garmin with a ransomware attack, and five days since its services were brought back to life. The company has still not fully recovered, as synchronization issues and delays continue to haunt corners of the Garmin Connect platform. However, two things are clear: it could have been worse for Garmin, and it is only a matter of time before ransomware's big game hunters strike again.
At this point, the world has seen some major meltdowns due to ransomware-style attacks, in which hacker groups encrypt sensitive files and shake down their owners for money. In 2017, WannaCry swept the globe before intrepid hacker Marcus Hutchins found and activated its kill switch. In the same year, NotPetya caused billions of dollars in damage to multinational companies like Maersk and Merck, although the ransomware aspect turned out to be a front for a malicious data wiper. However, time seems to have emboldened some hackers, as large corporations take their place on the list of popular targets alongside hospitals and local governments.
The recent victims include not only Garmin but also Travelex, an international money exchange company that ransomware hackers successfully hit on New Year’s Eve last year. Cloud service provider Blackbaud – relatively unremarkable, but with a $3.1 billion market cap – announced that it had paid a ransom to prevent customer data from being lost after an attack in May. And these are just the cases that go public. “There are certainly fairly large organizations that are affected that you don’t hear about,” said Kimberly Goody, senior manager of analysis at security firm FireEye. “Maybe you don’t hear about it because they pay or because it doesn’t necessarily affect consumers in such a way that it is obvious that something is wrong.”
Larger companies make attractive ransomware targets for obvious reasons. “You are well insured and can afford to pay a lot more than your small local grocery store,” said Brett Callow, a threat analyst at Emsisoft, an antivirus company. However, ransomware attackers are also opportunistic, and a poorly secured health care system or city, neither of which can tolerate extended downtime, has long been a better payday opportunity than companies that can afford to lock things down.
However, the gap between corporate defenses and ransomware sophistication is narrowing. “In the past two years, we have seen case after case of corporate networks at risk and a surge in malware designed to deliberately infect corporate networks,” said Adam Kujawa, director of security firm Malwarebytes Labs. And for hackers, success breeds success. Emsisoft estimates that ransomware attackers took in a total of $25 billion last year. “These groups now have huge amounts to invest in their business to increase their sophistication and size,” Callow says.
Even ransomware attacks that start without a specific high-profile target in mind – who knows what a phishing campaign could turn up? – have increasingly focused on picking out the whales. An actor associated with Maze ransomware, says Goody at FireEye, specifically wanted to hire someone whose only job was to scan the networks of compromised targets to determine not only the company’s identity but also its annual revenue.
The Garmin incident is particularly revealing here. The company was reportedly hit by a relatively new ransomware called WastedLocker, which has been associated with the Russian malware dynasty Evil Corp. For much of the past decade, the hackers behind Evil Corp have reportedly used banking-focused malware to steal more than $100 million from financial institutions, as stated in a Justice Department indictment last year. In 2017, Evil Corp began adding Bitpaymer ransomware to its routine. After the indictment, it apparently retooled and set its sights much higher.
“When you see how they hit governments, cities, hospitals, and these more common targets that we’ve seen in recent years, the ransom they demand from them is usually in the hundreds of thousands. With WastedLocker, the amount of ransom we see is definitely on the rise. We see them asking for millions,” said Jon DiMaggio, a senior threat intelligence analyst at Symantec. “There is no doubt that it is a big change that Evil Corp is now hitting Fortune 500 companies.”