Garmin received decryptor for WastedLocker ransomware (bleepingcomputer.com)
I even have a Garmin device affected by this. I still want ransomware stopped.
I get the sentiment that Garmin should suffer due to paying the ransom, but I bet a lot of American companies would act the same way if it was their company on the line.
At least this incident should serve as a warning to other companies that ransomware is very real and there has to be a plan for recovery without paying the ransom.
I would also suspect that they never paid any ransom. They probably only paid consulting fees to security/ransomware experts (wink wink).
[0] https://www.bloomberg.com/opinion/articles/2019-06-26/everyt...
Like do they even bother planning for that or are they unaware of the risk or did they decide it’s more cost effective to purely rely on prevention and plan to pay any ransom.
I feel like there should be a regulation, where if they pay the ransom then they get a penalty of 2-5x the ransom charged.
So victims can only make sure that they have a malware checker that finds the culprit, then do fresh installs, then check each file before it's restored from backup. Sounds like a crazy amount of work.
It is unfortunately very rare to find this in practice - everyone seems to be happy with just snapshotting live systems as a backup these days; and it works well enough as long as there is no lingering systemic corruption of data.
(And ... Excel, by mixing data with potentially malicious code, is beyond redemption. But good luck quarantining that in a modern suit-controlled company)
It's likely a nod to Mr. Robot, where the company that the hackers are infiltrating is called Evil Corp.
The attacker could: get the victim infested with malware; ensure that the malware infects all new files; wait one year; then trigger the encrypt function.
If the victim pulls a file that is newer than one year old from backup, the victim will pull the malware from backup.
(Only if the file is of a type that could be infected in the first place, of course. README.txt will not be infected.)
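The "fresh installs, then check each file before it's restored" idea from earlier in the thread, and the long-dormant-infection scenario just described, both come down to a restore gate: nothing comes back from backup until it has been checked. The script below is an added example, not code from any commenter or from Garmin; the file-format magic numbers are public constants, the sample files and manifest are constructed, and the three-way decision (restore plain data, rebuild anything executable from vendor media, quarantine macro-capable or altered files) is one reasonable policy, not the only one.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Public file-format constants (not from the thread): prefixes that mark content which can carry code.
CODE_MAGIC = {
    b"MZ": "windows executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with shebang",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "legacy Office/OLE container",
}
ZIP_MAGIC = b"PK\x03\x04"
DATA_EXTENSIONS = {".txt", ".csv", ".json", ".md", ".jpg", ".png", ".pdf"}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify(name: str, data: bytes, manifest: dict) -> str:
    """Decide what to do with one file pulled from backup.

    'restore'    - plain data whose hash matches the manifest written at backup time
    'rebuild'    - executable content: reinstall from vendor media, never from backup
    'quarantine' - macro-capable, unknown type, or hash mismatch; hold for manual review
    """
    if manifest.get(name) != sha256(data):
        return "quarantine"                      # backup store itself was altered or is incomplete
    for magic in CODE_MAGIC:
        if data.startswith(magic):               # content wins over the file name
            return "rebuild"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "quarantine"          # macro-enabled Office document
        except zipfile.BadZipFile:
            return "quarantine"
        return "restore"
    if PurePosixPath(name).suffix.lower() in DATA_EXTENSIONS:
        return "restore"
    return "quarantine"


def gate(files: dict, manifest: dict) -> dict:
    """Classify every file in a backup set; returns {name: decision}."""
    return {name: classify(name, data, manifest) for name, data in files.items()}


def make_zip(entries: dict) -> bytes:
    """Build a small zip container in memory (used only to construct sample documents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, d in entries.items():
            zf.writestr(n, d)
    return buf.getvalue()


# Constructed sample backup set (hypothetical files, not real data).
SAMPLE_FILES = {
    "notes.txt": b"quarterly notes\n",
    "report.txt": b"MZ\x90\x00\x03\x00" + b"\x00" * 58,   # text name, executable content
    "budget.docm": make_zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"\x00"}),
    "memo.docx": make_zip({"word/document.xml": b"<w/>"}),
}
# Manifest as it would have been recorded by the backup job, before any tampering.
MANIFEST = {name: sha256(data) for name, data in SAMPLE_FILES.items()}
# Same set with one file altered in the backup store after the manifest was written.
TAMPERED_FILES = dict(SAMPLE_FILES, **{"notes.txt": b"quarterly notes (altered)\n"})

if __name__ == "__main__":
    for name, decision in gate(SAMPLE_FILES, MANIFEST).items():
        print(f"{decision:10} {name}")
```

The manifest check only proves the backup store was not modified after the backup ran; it cannot tell an infected file that was backed up a year ago from a clean one. That is why executables are never restored from backup here but rebuilt from vendor media, and why macro-capable documents are held rather than restored automatically.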
For instance: I have backups going to an append-only S3 bucket in a separate AWS account, but I don't have monitoring in place to ensure that bucket hasn't been wiped. An email would get generated, but it'd go to the root account holder, who may not notice in time.
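The gap that comment points at, an append-only bucket with no check that it is still intact, is cheap to close with a scheduled audit. The script below is an added example, not the commenter's setup; it works on data in the shape that boto3's list_object_versions and get_object_lock_configuration calls return, but the listing, lock configuration and expected object count are constructed here so it runs offline. Wiring it to a real bucket (and to a monitored alert channel rather than the root account's mailbox) is left to the reader.

```python
# Constructed sample in the shape of boto3 s3.list_object_versions(Bucket=...).
# After a "wipe" of a versioned bucket the data versions still exist, but each key's
# current version is a delete marker, so the bucket looks empty to a normal listing.
SAMPLE_LISTING = {
    "Versions": [
        {"Key": "db/2020-07-20.dump", "VersionId": "v1", "IsLatest": False, "Size": 1024},
        {"Key": "db/2020-07-21.dump", "VersionId": "v2", "IsLatest": True, "Size": 1030},
        {"Key": "files/photos.tar", "VersionId": "v3", "IsLatest": False, "Size": 4096},
    ],
    "DeleteMarkers": [
        {"Key": "db/2020-07-20.dump", "VersionId": "d1", "IsLatest": True},
        {"Key": "files/photos.tar", "VersionId": "d2", "IsLatest": True},
    ],
}

# Constructed sample in the shape of get_object_lock_configuration()["ObjectLockConfiguration"].
SAMPLE_LOCK_CONFIG = {
    "ObjectLockEnabled": "Enabled",
    "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}},
}

# Hypothetical baseline: how many live objects the last good backup run is known to have written.
EXPECTED_MIN_OBJECTS = 3


def audit_listing(listing: dict, expected_min: int) -> list:
    """Flag current delete markers and a live-object count below the baseline."""
    findings = []
    live = {v["Key"] for v in listing.get("Versions", []) if v["IsLatest"]}
    deleted = {m["Key"] for m in listing.get("DeleteMarkers", []) if m["IsLatest"]}
    if deleted:
        findings.append(f"{len(deleted)} object(s) have a current delete marker: {sorted(deleted)}")
    if len(live) < expected_min:
        findings.append(f"only {len(live)} live object(s), expected at least {expected_min}")
    return findings


def audit_lock_config(cfg: dict) -> list:
    """Check that versions cannot be permanently removed before retention expires."""
    findings = []
    if cfg.get("ObjectLockEnabled") != "Enabled":
        findings.append("Object Lock is not enabled; old versions can be permanently deleted")
        return findings
    mode = cfg.get("Rule", {}).get("DefaultRetention", {}).get("Mode")
    if mode != "COMPLIANCE":
        # GOVERNANCE retention can be overridden by a principal holding
        # s3:BypassGovernanceRetention; COMPLIANCE cannot be shortened by anyone.
        findings.append(f"default retention mode is {mode}; only COMPLIANCE survives a compromised admin")
    return findings


def run_audit(listing: dict, lock_cfg: dict, expected_min: int) -> list:
    """Combine both checks; an empty list means the backup bucket looks healthy."""
    return audit_listing(listing, expected_min) + audit_lock_config(lock_cfg)


if __name__ == "__main__":
    for finding in run_audit(SAMPLE_LISTING, SAMPLE_LOCK_CONFIG, EXPECTED_MIN_OBJECTS):
        print("ALERT:", finding)
```

Two design points: the audit deliberately reads the version listing rather than a plain object listing, because a plain listing of a wiped versioned bucket simply comes back empty and says nothing about what was there; and the expected-count baseline should be written by the backup job itself into a place the audit trusts, so that a run that silently backs up nothing is caught as well as a bucket that was emptied.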