
Crypto-ransomware in action: a closer look at the WastedLocker hijack of Garmin

Garmin, the popular fitness and GPS technology company, was the victim of a crypto-ransomware attack that forced the company’s most popular services offline for three days while its internal network and production systems were encrypted and held for a $10 million ransom. This high-profile incident is the latest in a growing number of targeted ransomware attacks against large organizations.

Garmin was attacked by the Trojan WastedLocker—ransomware that has become noticeably more active since the first half of this year. This particular version was designed to specifically target Garmin and contains several unusual technical aspects.

The first is its User Access Control (UAC) bypass technique. Once launched on a compromised device, the Trojan checks whether it has high enough privileges. If not, it will attempt to silently elevate its privileges by tricking a legitimate system binary into launching the Trojan’s body hidden in an alternate NTFS stream.
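The two conditions that bypass depends on, a UAC level that lets system binaries auto-elevate without a prompt and an executable payload tucked into an alternate NTFS data stream, are both things a defender can check for. The script below is an added example written for this page, not code from the article or from Kaspersky. The registry key and value names are the standard Windows UAC policy values; the function names, the list of streams treated as benign, and the scanned directory are this example's own assumptions.

```powershell
<#
  Added example (not from the article): a defender-side posture check for the
  two things the described UAC bypass relies on.
    1. UAC not at "Always notify", so auto-elevating Windows binaries can be
       abused silently.
    2. PE executables stored in alternate NTFS data streams (ADS).
  Function names, the ignore list and the scanned path are assumptions of this
  example.
#>

function Get-UacPosture {
    # Standard UAC policy location; values are DWORDs.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    $enableLua = [int]$p.EnableLUA
    $consent   = [int]$p.ConsentPromptBehaviorAdmin
    $secure    = [int]$p.PromptOnSecureDesktop
    # "Always notify" = ConsentPromptBehaviorAdmin 2 + PromptOnSecureDesktop 1.
    # At that level Windows does not honour the auto-elevate flag on system
    # binaries, which removes the silent elevation path most UAC bypasses use.
    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        AlwaysNotify               = ($enableLua -eq 1 -and $consent -eq 2 -and $secure -eq 1)
    }
}

function Find-SuspiciousAds {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Streams expected on ordinary files: the main data stream and the
        # mark-of-the-web stream written by browsers (assumed benign here).
        [string[]] $IgnoreStreams = @(':$DATA', 'Zone.Identifier')
    )
    # Byte reads use -AsByteStream on PowerShell 6+, -Encoding Byte on 5.1.
    $isCore = $PSVersionTable.PSVersion.Major -ge 6

    Get-ChildItem -Path $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        Get-Item -Path $file -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $IgnoreStreams -notcontains $_.Stream } |
        ForEach-Object {
            # Read the first two bytes of the stream; 'MZ' (0x4D 0x5A) marks a
            # PE executable, which has no business living inside an ADS.
            if ($isCore) {
                $head = Get-Content -Path $file -Stream $_.Stream -AsByteStream -TotalCount 2 -ErrorAction SilentlyContinue
            } else {
                $head = Get-Content -Path $file -Stream $_.Stream -Encoding Byte -TotalCount 2 -ErrorAction SilentlyContinue
            }
            $isPe = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            [pscustomobject]@{
                File        = $file
                Stream      = $_.Stream
                SizeBytes   = $_.Length
                LooksLikePE = $isPe
            }
        }
    }
}

# Usage (run from an elevated PowerShell on the host under review):
Get-UacPosture
Find-SuspiciousAds -Path "$env:USERPROFILE" | Where-Object LooksLikePE | Format-Table -AutoSize
```

`Get-UacPosture` returning `AlwaysNotify = $false` means the host still allows the silent auto-elevation path; raising the slider to "Always notify" via policy closes it. `Find-SuspiciousAds` lists every non-default stream it finds, so review the full output rather than only the `LooksLikePE` hits: scripts or encoded payloads in a stream will not start with `MZ`.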

In addition, the sample of WastedLocker analyzed from the Garmin attack used a single public RSA key to encrypt the files. This would be somewhat of a weakness if the malware were to be massively distributed: a decryptor would only have to contain the one corresponding private RSA key to decrypt everyone’s files. However, if the campaign is targeted—as it clearly was in this case—a single RSA key is an effective approach.

“This incident only highlights that there is a growing trend of targeted crypto-ransomware attacks against large corporations—in contrast to the more widespread and popular ransomware campaigns of the past, like WannaCry and NotPetya. While there are fewer victims, these targeted attacks are typically more sophisticated and destructive. And there is no evidence to suggest that they will decline in the near future. Therefore, it’s critical that organizations stay on alert and take steps to protect themselves,” comments Fedor Sinitsyn, security expert at Kaspersky.

Read more about the WastedLocker attack on Garmin on Securelist.

To reduce the risk of being exposed to WastedLocker and other ransomware, Kaspersky experts have the following recommendations:

1. Use up-to-date versions of OS and applications
2. Use a VPN to secure remote access to company resources
3. Use a modern endpoint security solution, such as Kaspersky Endpoint Security for Business, with behavior detection support, a remediation engine allowing automatic file rollback, and a number of other technologies to stay protected from ransomware
4. Improve employees’ cybersecurity education. Kaspersky Security Awareness offers computer-based training products that combine expertise in cybersecurity with best-practice educational techniques and technologies
5. Use a reliable data backup scheme or solution
