{"id":273,"date":"2020-07-28T08:52:43","date_gmt":"2020-07-28T08:52:43","guid":{"rendered":"http:\/\/box5442.temp.domains\/~arpioio\/?p=273"},"modified":"2020-07-28T08:52:43","modified_gmt":"2020-07-28T08:52:43","slug":"behind-the-garmin-ransomware-attack","status":"publish","type":"post","link":"https:\/\/arpio.io\/staging\/8013\/behind-the-garmin-ransomware-attack\/","title":{"rendered":"Critical Disaster Recovery Lessons: The Garmin Ransomware Attack"},"content":{"rendered":"<body><p class=\"\">By now, you\u2019ve probably heard about the massive multi-day outage that Garmin is suffering at the hands of the WastedLocker ransomware strain.\u00a0 This is the latest in a long line of ransomware attacks that <a href=\"https:\/\/threatpost.com\/sharp-spike-ransomware-pandemic-inspires-attackers\/157689\/\" target=\"_blank\" rel=\"noopener noreferrer\">have been accelerating during the COVID-19 era<\/a>.<\/p>\n<p class=\"\">Typically when ransomware strikes, companies do their best to avoid disclosure \u2013 nobody wants to admit that they\u2019ve been hacked \u2013 but the scale of this attack and its impact on Garmin\u2019s consumer-facing services have made it impossible to hide.<\/p>\n<p class=\"\">We should all have great empathy for the situation at Garmin right now.\u00a0 This can\u2019t be a pleasant time to be a member of their team.\u00a0 The past 5 days have surely involved a herculean effort across every corner of the company, with immense stress and close to no sleep.\u00a0 We\u2019re all vulnerable to ransomware \u2013 they just happen to be the latest victim.<\/p>\n<p class=\"\">But what can we learn from the event?\u00a0 And how can we prevent the same outcomes for our own businesses?\u00a0 Let\u2019s dive in.<\/p>\n<h4>The Garmin Attack<\/h4>\n<p class=\"\">The Garmin attack began early on the morning of July 23rd, and by 8:35 a.m. 
<a href=\"https:\/\/twitter.com\/Garmin\/status\/1286278736581726209\" target=\"_blank\" rel=\"noopener noreferrer\">Garmin\u2019s Twitter account was announcing<\/a> that the Garmin website, their consumer-facing Garmin Connect service, and their call centers were all offline.\u00a0 Leaks from within the company further indicated that several assembly lines had also been shut down.\u00a0 And they confirmed that the culprit was ransomware.<\/p>\n<p class=\"\">The particular ransomware strain appears to be \u201c<a href=\"https:\/\/blog.malwarebytes.com\/threat-spotlight\/2020\/07\/threat-spotlight-wastedlocker-customized-ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer\">WastedLocker<\/a>,\u201d a new strain that was released two months ago by the Russian hacking group \u201cEvil Corp Gang.\u201d\u00a0 WastedLocker is highly customizable ransomware, and the attackers most likely built a custom package specific to the Garmin environment.<\/p>\n<p class=\"\">WastedLocker encrypts all files it can access and leaves a ransom note next to each file.\u00a0 It also aggressively seeks to delete data backups that would allow the victim to restore files without paying the ransom.\u00a0 Luckily, WastedLocker does not (currently) attempt to exfiltrate data from the infected machines.<\/p>\n<p class=\"\">According to news reports, the ransom fee for the Garmin attack was $10 million.\u00a0 And <a href=\"https:\/\/news.sky.com\/story\/garmin-obtains-decryption-key-after-ransomware-attack-12036761\" target=\"_blank\" rel=\"noopener noreferrer\">apparently, they paid it<\/a> (or had a third party do so on their behalf), which is not surprising given the catastrophic impact of losing their data.\u00a0 They were certainly losing significantly more money than this as their entire company was idled for days.<\/p>\n<h4>Protecting Your Business from Ransomware<\/h4>\n<p class=\"\">Ransomware is a fact of doing business in 2020, and it\u2019s important that all businesses seriously 
consider this threat and work actively to mitigate it.\u00a0 Obviously, this starts by preventing bad actors from accessing your systems and network.<\/p>\n<p class=\"\">But conventional wisdom in the security world accepts that you can no longer prevent hackers from getting in.\u00a0 You need a layered strategy that minimizes the damage they can do once they get in.\u00a0 This is generally implemented through best practices such as <a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/security\/what-is-network-segmentation.html\" target=\"_blank\" rel=\"noopener noreferrer\">network segmentation<\/a> (<a href=\"https:\/\/www.vmware.com\/topics\/glossary\/content\/micro-segmentation#:~:text=Micro%2Dsegmentation%20is%20a%20network,services%20for%20each%20unique%20segment.\" target=\"_blank\" rel=\"noopener noreferrer\">micro-segmentation<\/a> is the new standard), <a href=\"https:\/\/en.wikipedia.org\/wiki\/Principle_of_least_privilege\" target=\"_blank\" rel=\"noopener noreferrer\">least-privilege<\/a>, and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication\" target=\"_blank\" rel=\"noopener noreferrer\">multi-factor authentication<\/a>.<\/p>\n<p class=\"\">But what happens when even those methods fail, and a ransomware attack is upon you?\u00a0 At that time, you have a disaster on your hands, and your last line of defense is your disaster recovery plan.\u00a0 So it\u2019s absolutely critical that your DR plans contemplate recovery from ransomware attacks.<\/p>\n<p class=\"\">Recovering from a ransomware disaster requires restoring data from backups, so it\u2019s critical that you have backups available when you need to recover.\u00a0 WastedLocker and other ransomware strains understand that your backups are your savior, and they work hard to eliminate this recovery path.<\/p>\n<p class=\"\">To ensure that ransomware cannot delete (or encrypt) your backups, you need to lock down your backups in some form of \u201cbackup vault.\u201d\u00a0 You 
used to send tapes offsite, but most people aren\u2019t doing that anymore.\u00a0 Instead, you need to look at your computing environment and figure out the right strategy to securely store your data backups where no bad actor can access them.<\/p>\n<h4>Ransomware-Proof Disaster Recovery in AWS<\/h4>\n<p class=\"\">If your computing environment runs in AWS, securely storing backups means copying them into another AWS account.\u00a0 This account should be locked down, with minimal access.\u00a0 Your colleagues who maintain perpetual access to your production account don\u2019t need to use this \u201cvault\u201d account, and you can limit access to a small number of senior team members.<\/p>\n<p class=\"\">The major data services in AWS, such as EBS and RDS, enable cross-account copies of backups and snapshots.\u00a0 Unfortunately, the built-in backup solutions like AWS Backup and DLM do not take advantage of those features.\u00a0 To achieve this protection, you\u2019ll need to build your own automation or look for a 3rd party solution where it\u2019s built-in (hint: scroll down to learn about your best option).<\/p>\n<p class=\"\">Finally, once you\u2019ve established vaulted backups for your AWS data, you need to test your recovery.\u00a0 If your AWS account has been compromised, you\u2019ll want to rebuild everything in a clean and secure environment.\u00a0 This is a complex process, and the wrong time to work out the kinks is when you\u2019re in the midst of a ransomware attack.<\/p>\n<h4>About Arpio<\/h4>\n<p class=\"\">Arpio provides comprehensive disaster recovery for AWS environments so that you don\u2019t have to build it yourself.\u00a0 Our software automates Amazon\u2019s best practices for disaster recovery, including locked-down backups and fully automated environment recovery.\u00a0 If your AWS environment ever falls victim to ransomware or any other IT disaster, Arpio makes it quick and easy to recover your business.<\/p>\n<p class=\"\">Learn more at 
<a href=\"\/\">www.arpio.io<\/a>.<\/p>\n<\/body>","protected":false},"excerpt":{"rendered":"<p>By now, you\u2019ve probably heard about the massive multi-day outage that Garmin is suffering at the hands of the WastedLocker ransomware strain.\u00a0 This is the latest in a long line&#8230;<\/p>\n","protected":false},"author":1,"featured_media":274,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","content-type":"","inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-273","post","type-post","status-publish","format-standard","has-post-thumbnail","category-blog"],"_links":{"self":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts\/273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/comments?post=273"}],"version-history":[{"count":0,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts\/273\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/media\/274"}],"wp:attachment":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/media?parent=273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/categories?post=273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/tags?post=273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}