From decisions to decryption – live the Garmin ransomware attack with Immersive Labs

Unless you’ve been hiding under a rock you’ll know that Garmin was crippled by a ransomware attack in July. The smartwatch specialist had to pull the plug on various services after its internal network and production systems were encrypted, which led to planes being grounded, runners losing morale, and the lazy among us quietly rejoicing.

Aside from disrupting athletes, this caused a headache for just about everyone involved in the cleanup. The incident unravelled dramatically in the media, a kind of digital theatre for security types who all agreed on one thing: Garmin’s response was tragic.

In Act One, Garmin’s PR team were so tongue-tied one must assume they forgot their lines. A pair of short tweets broke the silence and a murky FAQ became the sole touchpoint on a failing website. Customers couldn’t reach the GPS giant via phone, email or online chat, which, ironically, left them feeling lost.

ZDNet sought clarity in Act Two, asking if a ransomware attack had caused the outage. Garmin’s spokesperson said the investigation was “ongoing”, though several of its staff said otherwise, having already shut down machines because ransomware was spreading across the network.

Act Three lasted several days and was lapped up by major news outlets globally. Issues continued to plague customers a week after the initial outage, and Garmin's communication was limited. Only in August did the curtain close on the sorry affair, when Garmin paid the offending Evil Corp a multimillion-dollar ransom for a decryption key – bravo!

This incident exemplifies how not to handle a ransomware attack, but Garmin isn’t the first to crumble (just ask Travelex), nor will it be the last. The anxiety and ill-preparedness that characterized its response, however, were the product of inadequate crisis training – so let this be a lesson to us all.

Tackling the Garmin ransomware attack with Immersive Labs

Would you and your team have handled things differently? Using our Cyber Crisis Simulator you can stress-test your response capability in a realistic scenario based on the Garmin incident, where you’ll step into the shoes of an incident response handler at a global tech company. With millions of devices and transport systems relying on the data your company provides, you must organize everyone and everything when the incident occurs – and that means some tough decisions under pressure.

The rich, realistic storyline twists and turns based on the choices you and your team make, driving cyber resilience and human readiness while preparing you to face the real-world consequences of a cyber incident. True to our underlying platform, this occurs on demand in a gamified browser-based environment.

To see the Cyber Crisis Simulator in action, book a demo via the button below.

Incident response incorporates everything from high-level decision making to technical expertise on the ground. Knowing this, we’ve built three labs to complement the Garmin scenario, enabling your team to get up close and personal with the offending WastedLocker ransomware.

The first of these allows you to run the WastedLocker sample that hit Garmin and examine its behavior securely – you’ll even see the original ransom note. The second lab focuses on a deeper, more technical analysis of the malware, while the third and final lab is a practical exercise that allows you to decrypt encrypted files using the decryption key that cost Garmin $10 million!

Book a demo to see these labs and our Cyber Crisis Simulator in action. Alternatively, if you already have an Immersive Labs licence, you can log in here.

PUBLISHED

6 August 2020
