Crypto-ransomware in action: A closer look at the WastedLocker hijack of Garmin

On July 23, Garmin, the popular fitness and GPS technology company, was the victim of a crypto-ransomware attack that forced the company’s most popular services offline for three days while its internal network and production systems were encrypted and held for a $10 million ransom. This high-profile incident is the latest in a growing number of targeted ransomware attacks against large organizations.

Garmin was attacked by the Trojan WastedLocker—ransomware that has become noticeably more active since the first half of this year. This particular version was designed to specifically target Garmin and contains several unusual technical aspects.

The first is its User Access Control (UAC) bypass technique. Once launched on a compromised device, the Trojan checks whether it has high enough privileges. If not, it will attempt to silently elevate its privileges by tricking a legitimate system binary into launching the Trojan’s body hidden in an alternate NTFS stream.

In addition, the sample of WastedLocker analyzed from the Garmin attack used a single public RSA key—the type of key used to encrypt the files. This would be somewhat of a weakness if the malware were to be massively distributed. The decryptor would only have to contain the one private RSA key to decrypt everyone’s files. However, if the campaign is targeted—as it clearly was in this case—a single RSA key is an effective approach.

“This incident only highlights that there is a growing trend of targeted crypto-ransomware attacks against large corporations—in contrast to the more widespread and popular ransomware campaigns of the past, like WannaCry and NotPetya. While there are fewer victims, these targeted attacks are typically more sophisticated and destructive. And there is no evidence to suggest that they will decline in the near future. Therefore, it’s critical that organizations stay on alert and take steps to protect themselves,” comments Fedor Sinitsyn, security expert at Kaspersky.

Read more about the WastedLocker attack on Garmin on Securelist.

To reduce the risk of being exposed to WastedLocker and other ransomware, Kaspersky experts have the following recommendations:

Use up-to-date versions of OS and applications
Use a VPN to secure remote access to company resources
Use a modern endpoint security solution, such as Kaspersky Endpoint Security for Business with behavior detection support and remediation engine allowing automatic file rollback, and a number of other technologies to stay protected from ransomware
Improve employees’ cybersecurity education. Kaspersky Security Awareness offers computer-based training products that combine expertise in cybersecurity with best-practice educational techniques and technologies
Use a reliable data backup scheme or solution

About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Send us your press releases to pressrelease.zawya@refinitiv.com

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.

Crypto-ransomware in action: A closer look at the WastedLocker hijack of Garmin

DISCOVER MORE

RS South Africa launches new campaign across its range of electronic products, services and design tools

33rd Abu Dhabi International Book Fair presents over 2,000 events

Department of Community Development – Abu Dhabi unveils the 'Medeem' initiative

ACWA Power partners with IRENA to spearhead global renewable energy transformation

Deloitte launches Kiyadat to advance GCC national talent into leadership roles

Binance Blockchain Week brings the future of Web3 to Dubai

Dar Al Atta'a sponsors groundbreaking opportunities for students at MHA Oman

New Murabba Development Company showcases commitment to innovation and sustainability at AACE Conference in Riyadh

Albal Design launches UAE's first science based interior design concept

creator-focused SocialFi platform Lyvely gears up for $LVLY token launch

Changer, leading European club for high-net individuals, sets its sights on Dubai to foster innovations and angel investments

Beltone Venture Capital signs partnership agreement with UAE-based investment group Citadel International Holdings

Emirates REIT achieves highest ever property income

UAE: Is your mobile at risk? Residents told how to protect devices

SITE in deal with AhnLab to set up Saudi cybersecurity JV

Redefining Security: The AI-backed technological evolution of cybersecurity incident response

STC rolls out GenNext cybersecurity service in Bahrain

UAE issues high-risk cyber alert, urges residents to update Microsoft

LATEST VIDEO

VIDEO: Shipping freight rates may rise amid rising tensions between Iran, Israel

ZAWYA COVERAGE

Emirates Islamic concludes debut $500 million financing facility

Binance gets full Dubai licence following CZ exit - Bloomberg

Investment banking fees generated in MENA reached $295.1mln in Q1 2024

Saudi Tadawul launches single stock contracts on Maaden stock

IMF tells Asian central banks not to follow Fed too closely

Gold surges as escalating Middle East tensions bolster demand

Trump back in court as jury takes shape

African sprinters primed to dominate track season, says Tebogo

UN chief warns Mideast on brink of 'full-scale regional conflict'

THE BRI REPORT

China’s flagship global infrastructure initiative is changing in the face of potent headwinds