On July 23, 2020, the fitness brand Garmin was hit by ransomware. This particular ransomware was called WastedLocker and was developed by members of a hacking group, Evil Corp. Based on Downdetector.com and other reports, the disruption from the attack lasted until July 27th. The attackers were able to encrypt data across the company, affecting everything from website functions and customer support to company communications. The initial ransom demand was a steep $10 million. Because there are no known weaknesses in the WastedLocker ransomware, it is believed that Garmin must have paid the ransom.
Ransomware attack exploited the new working-from-home norm
The COVID-19 pandemic has forced a shift from working from an office to working from home. This shift has introduced the use of employee-owned devices, as many companies cannot afford to supply every remote employee with a machine. For many, the decision to have employees use home devices was due to widespread laptop shortages caused by the sudden large shift to working from home. This alone introduces a large security threat and weakens your company’s network.
A key takeaway from the Forbes report on this attack is the following: “The ransomware attack has crippled many of the company’s systems. Reports claim that Garmin’s IT department shut down all of the company’s computers, including those of employees working from home who connected by VPN, to halt the spread of the ransomware across its network.” Has your company implemented a VPN policy specifically for employee-owned devices?
Unlike many company-owned devices, which may be managed and monitored by a Managed Service Provider, employee-owned devices often lack sophisticated endpoint protection and often have only the expired virus protection that was packaged with the desktop or laptop.
In addition to VPN security, an overall Business Continuity and Disaster Recovery (BC/DR) plan is essential when responding to events like a ransomware attack. Does your company have backups of its data and server(s)? Have you regularly tested those backups for integrity and usability? Do you have a plan that lays out roles and responsibilities when invoking your BC/DR plan? Many ransomware attacks target an organization’s backup infrastructure to prevent it from rolling back to a pre-ransomed environment.
This leads to the need for proper endpoint protection. As mentioned previously, most employee-owned devices will lack true enterprise endpoint protection like Sentinel and ThirdWall. Autonomous AI platforms are the next-generation endpoint protection.
Instead of relying solely on the release of virus definitions, these next-gen EDR solutions use machine learning and AI to detect and defeat threats.
Prevention with education
Lastly comes what could be one of your most important steps: education. The users of a company’s system are on the front lines of defense. Prevention begins with knowing what to click, where to go, and how to protect data.
Security Risk Training, like what KnowBe4 offers, helps equip employees with knowledge of what to look for in emails, what a phishing scam is, where malware comes from, etc. You can educate with automated simulated phishing attacks and training campaigns, with stats and graphs that help you understand where your organization needs training most.
In conclusion, organizations large and small are at a growing risk of cyber attacks. And as with Garmin, these attacks could cost large sums of money, through paying a ransom, through downtime, or many times both.
Protecting your company’s data by educating employees, having a sound backup policy and BC/DR plan, and deploying proper endpoint protection are all musts in the prevention of cyber attacks.
Feel free to reach out to Sikich and discuss how our MSP and MSSP services work to protect against these risks.