Hackers attack Garmin systems with ransomware and demand $10 million ransom

Garmin was the victim of a WastedLocker ransomware attack that compromised its internal network and production systems. Last week, the well-known smartwatch manufacturer was forced to stop its international operations. The attackers are reportedly demanding a ransom of 10 million dollars for the captured information.

The manufacturer explained through its website and Twitter account that the Garmin Connect and Garmin Pilot services were affected. Because of the attack, the company is also unable to provide customer support, whether through call centers or by email. The attack also affected the flyGarmin aircraft database services, and several pilots told ZDNet that they were unable to update the software.

According to internal sources that BleepingComputer had access to, Garmin's IT department tried to shut down all computers on the network, including those connected to the company's VPN, as the ransomware began encrypting machines.

Photo of files encrypted by the WastedLocker ransomware (credit: BleepingComputer)

Because that attempt did not succeed, the company asked employees to shut down every computer on the network that they had access to. To avoid losing more information, all equipment in the Garmin data center has been turned off.

Image of encrypted files obtained through a sample of the WastedLocker ransomware (credit: BleepingComputer)

After further investigation, BleepingComputer found a sample of the ransomware used in the Garmin attack and used it to generate the ransom note left by the cybercriminals, as well as the encrypted files.

Ransom note generated through a sample of the WastedLocker ransomware (credit: BleepingComputer)

The attack, which started at the company's headquarters in Taiwan, may be the work of the Evil Corp group, also known as Dridex, which has been active since 2007. These Russian cybercriminals, who are being targeted by the United States Department of the Treasury, have been using the WastedLocker ransomware to attack multiple US companies and demand ransoms on the order of millions of dollars.