Two years have passed. It would seem that the experience of previous attacks should have taught us: even well-protected computer systems can be successfully attacked by hackers who constantly improve their hacking tools, tirelessly search for vulnerabilities and find them. Not at all! The flow of news about new ransomware attacks does not stop. For example, according to McAfee estimates, distributors of just one ransomware, NetWalker, have “earned” about $25 million since March 2020!
And already in July, several large corporations were attacked by encryptors at once. The attackers demanded a $14 million ransom from the Brazilian energy company Light S.A. ( a chat with their victim). The ransomware virus "collapsed" 18 thousand computers at once at the Telecom Argentina communications operator , and the cybercriminals demanded a ransom of $7.5 million.
Well, the most high-profile case was with Garmin , a world-famous manufacturer of navigation systems and fitness trackers. On July 23, its cloud ecosystem was unavailable. This made it impossible for argentina mobile database of users to operate their devices. And it wasn’t just the fitness trackers that malfunctioned. Flight maps from the flyGarmin app, which is used by civil aviation pilots in the US, stopped updating, and the company’s user support centers stopped working. In other words, the world leader in navigation systems experienced a real collapse.
It turned out that the Garmin platform was attacked by the WastedLocker ransomware, and the hackers demanded several million dollars to unlock the systems. The exact ransom amount is unknown, but many media outlets reported that the company did pay the cybercriminals to restore the functionality of its systems. However, the company is unlikely to officially confirm the fact of payment: American law prohibits paying cybercriminals, and businesses that disobey this ban risk receiving serious fines.
In any case, Garmin's losses are not limited to the ransom amount. The company will have to assess the damage associated with data loss, user churn, and loss of consumer loyalty. And they will clearly be higher than the amount paid to the extortionists.