Unless you’ve been hiding under a rock you’ll know that Garmin was crippled by a ransomware attack in July. The smartwatch specialist had to pull the plug on various services after its internal network and production systems were encrypted, which led to planes being grounded, runners losing morale, and the lazy among us quietly rejoicing.

Aside from disrupting athletes, this caused a headache for just about everyone involved in the cleanup. The incident unravelled dramatically in the media, a kind of digital theatre for security types who all agreed on one thing: Garmin’s response was tragic.

In Act One, Garmin’s PR team were so tongue-tied one must assume they forgot their lines. A pair of short tweets broke the silence, and a murky FAQ became the sole touchpoint on a failing website. Customers couldn’t reach the GPS giant via phone, email or online chat either, which, ironically, had them feeling lost.

ZDNet sought clarity in Act Two, asking if a ransomware attack had caused the outage. Garmin’s spokesperson said the investigation was “ongoing”, though its staff said otherwise, having already shut down machines due to ransomware spreading across the network.

Act Three lasted several days and was lapped up by news outlets globally. Issues continued to plague customers a week after the initial outage, and Garmin’s communication was limited. Only in August did the curtains close, when Garmin paid the offending Evil Corp a multimillion-dollar ransom for a decryption key – bravo!

This incident exemplifies how not to handle a ransomware attack, but Garmin isn’t the first business to crumble (ask Travelex), nor will it be the last. The anxiety and ill-preparedness that characterized its response, however, was the product of inadequate crisis training – so let this be a lesson.

Tackling the Garmin ransomware attack with Immersive Labs

Would you and your team have handled things differently? Using our Cyber Crisis Simulator you can stress-test your response capability in a realistic scenario based on the Garmin incident, where you’ll step into the shoes of an incident response handler at a global tech company. With millions of devices and transport systems relying on the data your company provides, you must organize everyone and everything when the incident occurs – and that means some tough decisions under pressure.

The rich, realistic storyline twists and turns based on the choices you and your team make, driving cyber resilience and human readiness while preparing you for the real-world consequences of a cyber incident. True to our underlying platform, this occurs on demand in a browser-based environment.

To see the Cyber Crisis Simulator in action, book a demo via the button below.

Incident response incorporates everything from high-level decision making to technical expertise on the ground. Knowing this, we’ve built three labs to complement the Garmin scenario, enabling your team to get up close and personal with the offending WastedLocker ransomware.

The first of these allows you to run and examine the WastedLocker sample that hit Garmin – you’ll even see the original ransom note. The second lab focuses on a deeper, more technical analysis of the malware, while the final exercise allows you to decrypt files using the key that cost Garmin $10 million!

Book a demo to see these labs and our Cyber Crisis Simulator in action. Alternatively, if you already have an Immersive Labs license, you can log in here.



Check Out Immersive Labs in the News.


August 6, 2020


Immersive Labs