Garmin Hack

[rps]

I have read Garmin is in its fifth day of a ransomware attack. It appears to be affecting its apps. Has this affected those of you with tm and sonar?

[dave potts]

I heard the Russians were behind the attack and were wanting ten million dollars to get their data back.

[ness]

One of the better articles I saw:

Garmin services begin to come back online after 'playboy Russian hacker, 33, who runs 'Evil Corp' demanded $10m to restore their
2020-07-27 13:42:38.860 GMT

(Daily Mail) - Garmin services began to slowly return Monday morning after the
company was hacked and allegedly held to ransom by Russian group Evil Corps,
who demanded $10 million to restore their operation.

Tens of millions of people around the world found the firm's GPS and
fitness-trackers, including those used by runners, cyclists and pilots, down
for a fifth day Sunday.  

Garmin is yet to comment on the service return or the hacking claims amid
reports they were ordered to pay the ransom by the cybercriminal group headed
by a 33-year-old Russian playboy hacker, Maksim Yakubets, who drives a
customized $250,000 Lamborghini. 

The company had said on Twitter that its website and Garmin Connect fitness
app had been offline since Thursday. It said the 'flyGarmin' site used for
aviation databases was also down. Customers said Monday their services had
'partially' returned. One wrote: 'For the first time in over 4 days, Garmin
Connect seems sorta back up. It's a bit touch and go, but it's waking up.'

In December 2019, the FBI placed a $5 million bounty on Yakubets head for
information leading to his capture. It is the largest reward being offered for
an alleged criminal connected to cybercrime.

Yakubets' latest target seems to have been Garmin, which has still offered no
explanation for their outage, but security analysts said the reason is likely
ransomware, a technique used by hackers to encrypt data and extort funds. The
malware has been linked to a Russian cybercriminal group known as Evil Corp.

Maksim Viktorovich Yakubets, 33, is believed to be the head of Russian hacking
group Evil Corp and responsible for the attack on Garmin's systems. The FBI
has a $5 million reward for information that leads to his capture

WHAT IS EVIL CORP?

Evil Corp is a Russia-based cybercriminal organization, headed by Maksim
Yakubets, which is believed to be responsible for the ransomware attack
against Garmin.

It has been described by officials as one of the most damaging criminal
organizations on the internet. 

Yakubets is alleged to have run the operation since May 2009 from the
basements of Moscow cafes. 

He is said to have employed dozens of people to steal money from victims in 43
countries using computer viruses that are designed to target only victims
outside Russia. 

The 'malware' is downloaded when a victim clicks on an email attachment and
remains hidden on their computer to harvest their personal and financial data
such as online banking details – which is subsequently used to drain their
accounts. 

In December, 15 people associated with the hacking group were sanctioned by
the US treasury. Many are believed to be living in Moscow. 

'Yakubets is a true 21st century criminal,' U.S. Assistant Attorney General
Brian Benczkowski said in December last year 'He's earned his place on the
FBI's list of the world's most wanted cyber criminals.' 

In December 2019, the U.S. Treasury Department sanctioned Evil Corp after
causing more than $100 million in financial damages in the American banking
system. 

As a result, if Garmin had wanted to pay a ransom, it could potentially be
found to be breaking United States sanctions.  

Yakubets is alleged to have run Evil Corp since May 2009 from the basements of
Moscow cafes.

He is said to have employed dozens of people to steal money from victims in 43
countries using computer viruses that are designed to target only victims
outside Russia.

The ‘malware’ is downloaded when a victim clicks on an email attachment and
remains hidden on their computer to harvest their personal and financial data
such as online banking details – which is subsequently used to drain their
accounts.

Operating online under the name Aqua, the hacker and his associates are
accused of stealing at least $100million. US treasury officials also say
Yakubets has provided ‘direct assistance to the Russian government’ by
acquiring confidential documents for the FSB security agency. 

He was also said to be part of a scheme in which Russian intelligence agencies
recruit criminals to hack national security targets.

Yakubets, a Russian national originally from Ukraine, is still at large, as is
his administrator Igor Turashev, 38.

In December, 15 people associated with the hacking group were sanctioned by
the US treasury. Many are believed to be living in Moscow.

If Yakubets leaves Russia, he will be arrested and extradited to America to
face charges. Financial sanctions have been imposed on him by the US, but
privately, insiders say the chances of him setting foot outside Russia remain
small.

Yakubets is known to be a flamboyant character and along with his flash cars,
one of which is a customized Lamborghini with a number plate that reads THIEF
in Russian, he is known to have splashed out on a pet tiger and lion cubs.

He is described as untouchable in the Russian capital, Moscow, where he
regularly films himself driving 'doughnuts' around police, with tires
screeching, in one of his fleet of supercars -  'cash rich with fast cars'
bought from the proceeds of fraud.

For a decade the multi-millionaire is said to have run the world's most
harmful cyber-crime group.

Yakubets, who has also worked for Russia's FSB intelligence agency, is said to
live like a king, splurging more than $250,000 on his wedding. 

He married at a golf club north of Moscow in summer 2017 to glamorous
businesswoman Alyona Benderskaya.

She is believed to be the owner of a chain of Moscow stores selling Italian
luxury clothing called Plein Sport and graduated from the Higher School of
Economics in Moscow in 2014. Benderskaya is believed to be Yakubets' second
wife.

Her father, Yakubets' father-in-law, is a former officer with an elite
special-forces unit of the FSB, Eduard Bendersky but it is also believed that
some of his spy work for the organization rubbed off on his daughter.  

Benderskaya is known to be a founder of several companies called Vympel-Aktiv
and Vympel-Protekt which are linked to the FSB's Special Purpose Center, known
mainly for counterterrorism operations and 'foreign sabotage operations'
according to RadioFreeEurope. 

In April 2018, Yakubets was in the process of obtaining a license to work with
classified Russian information from the Russian spy agency, the FSB -
the Federal Security Service of the Russian Federation.

The FSB was the main successor agency to the KGB. 

Yakubets was also responsible for recruiting and managing a network of
individuals to Evil Corps who would then be responsible for facilitating the
movement of money illicitly.

Yakubets was married at a golf club north of Moscow in summer 2017 to
glamorous businesswoman Alyona Benderskaya who runs a chain of Italian luxury
clothing stores Maksim Yakubets' wedding in 2017 to Alyona Benderskaya whose
father-in-law works for FSB President Eduard Bendersky is seen in pages from
the Vympel Charitable Fund For Former FSB Officers Eduard Bendersky

Over the past five days, Garmin, a company valued at $18 billion, is said to
have become Yakubets' latest target. On Sunday night, even the company's
website was unable to load properly. 

The security news website Bleeping Computer described Garmin as being attacked
by the WastedLocker ransomware. The ransomware attack works by encrypting the
company's data, rendering it inaccessible to employees. Evil Corp is said to 
have demanded a $10 million ransom for the data to be freed up.     

Screenshots show lists of the company's files encrypted by the malware, with a
ransom note individually attached to each file.

The note tells the recipient to contact one of two email addresses to 'get a
price for your data'.

It is not clear whether any customer data has been compromised, as the tech
firm continues to investigate and works to resolve the matter.  

Files shared from a Garmin employee show how a ransomeware file had been
attached to each one giving the user details of what to do next in order to
retrieve their data A tweet shows the email address that Garmin workers were
told to email in order to restore access to their data A note from the hackers
has been attached to every single data file within Garmin's systems along with
details as to how the company will be able to restore access after paying a
ransom The company's communication systems have also been disabled and it now
appears to be unable to respond to frustrated and disgruntled customers The
navigation company was hit by a ransomware attack on Thursday with customers
unable to log their fitness sessions in Garmin apps ever since An outage map
shows just how big of a problem the company's apps are experiencing

In the past, Evil Corp targeted banks primarily located in the United States
and the United Kingdom. 

They developed Dridex software, which was spread using phishing emails that
would entice victims to click on malicious links or attachments embedded
within the emails. 

Evil Corp would then use compromised credentials to fraudulently transfer
funds from victims' bank accounts to those of bank accounts controlled by the
group. 

Yakubets and his co-conspirators are alleged to have victimized 21 specific
municipalities, banks, companies and nonprofit organizations in California,
Illinois, Iowa, Kentucky, Maine, Massachusetts, New Mexico, North Carolina,
Ohio, Texas and Washington.

Evil Corp is known to be one of the world's most prolific cybercriminal
organizations and operates as a business run by a group of individuals based
in Moscow, Russia. 

In June, it was revealed how Evil Corp had breached 31 major American
corporations with a new ransomware attack targeting employees working from
home.

The cybersecurity firm Symantec first announced the breach and attributed it
to WastedLocker.

The FBI is offering a $5 million reward for info that leads to the capture of
Maksim Yakubets who is known to work directly with the Russian government in
carrying out malicious cyber attacks Maksim Yakubets is pictured second from
left along with other Evil Corp members who allegedly 'provide material
assistance' including, from left, Kirill Slobodskoy, Dimitriy Slobodskoy, in
red shirt and Artem Yakubets, far right Evil Corp members Kirill Slobodskoy,
Dmitry Smirnov and Denis Gusev pictured in Dubai

Evil Corp declined to disclose the identities of the other targeted companies,
but they include eight Fortune 500 companies and one major news publication. 

'These hackers have a decade of experience and they aren't wasting time with
small, two-bit outfits,' Symantec's Eric Chien told the New York Times.

'They are going after the biggest American firms, and only American firms.' 

According to Chien, WastedLocker is part of a major expansion in hacking
attempts focused specifically at major American business and government
services in recent months.

'Security firms have been accused of crying wolf, but what we have seen in the
past few weeks is remarkable,' Chien said.

'Right now this is all about making money, but the infrastructure they are
deploying could be used to wipe out a lot of data — and not just at
corporations.' 

According to Symantec, the ransomware is first downloaded on a worker's
computer after clicking a malicious software update window.

Once installed on the person's computer, the ransomware begins unlocking
permissions on the remote corporate network the person is connected to, with
the goal of eventually locking the entire company out of its own systems to
extract a ransom payment.

According to Symantec, the software update window that initiates the entire
process could have come from from any one of 150 legitimate websites whose
security Evil Corp has breached.

WastedLocker is part of a major expansion in hacking attempts focused
specifically at major American business and government services in recent
months. 

Russian native Yakubets owns a customized Lamborghini with a number plate that
reads THIEF in Russian (pictured). He provided a 'malware' software which was
downloaded by people who clicked on an email attachment which arrived in their
inbox and stole their bank details A Lamborghini Huracan and Audi R8 which
were apparently used by Evil Corp members One of Maksim's supercars which has
been intricately designed and customized 

Worldwide, cybercrime results in losses that total in the billions of dollars,
while in the United States, financial institutions and other businesses remain
prime targets for cybercriminals but Evil Corp relies upon a number of core
individuals to carry out critical logistical, technical, and financial
functions.

Essentially the group is run like a legitimate business with someone in charge
of managing the malware software with others supervising the operators seeking
to target new victims, and laundering the proceeds derived from the group's
activities.

Some of the other members cited for allegedly 'providing material assistance'
in this way, according to the U.S. Treasury, are Dmitriy Smirnov, Artem
Yakubets, Ivan Tuchkov, Andrey Plotnitskiy, Dmitriy Slobodskoy and Kirill
Slobodskoy. 

Andrey Plotnitskiy, who authorities identified as another member of Evil Corp
Maksim Yakubets, 33, has been named the world's biggest cyber criminal after
he allegedly ran the world's most harmful cyber-crime group Evil Corp Igor
Turashev was involved in helping Evil Corp exploit victims’ networks. As of
2015, Turashev served as an administrator for Yakubets and had control over
the Dridex malware software Evil Corp have long been behind international
computer hacking and bank fraud schemes, which allow members of the group to
purchase supercars such as this Audi

The Garmin Connect software can be seen unsuccessfully attempting to contact
the company's servers to upload fitness data. The experience has frustrated
customers One Twitter user posted a image that showed how their Garmin
smartwatch was not able to be updated

The ransomware attack has led to a shutdown of many of Garmin's systems. 

Employees working from home connecting by VPN were also cut off from Garmin's
systems in an effort to halt the spread of the ransomware across its network. 

Garmin been largely silent on the outage. On Saturday the company tweeted 'We
are currently experiencing an outage that affects Garmin Connect. This outage
also affects our call centers, and we are currently unable to receive any
calls, emails or online chats. We are working to resolve this issue as quickly
as possible and apologize for this inconvenience.'  

Brent Callow, a threat analyst at the security firm Emsisoft, said he had no
firsthand knowledge but that it 'certainly has all the hallmarks of a
ransomware incident.

'There is really no other event that would be likely to cause such widespread
disruption and cause a company to immediately shut down everything from its
online services to its production line,' Callow said.

Garmin's online fitness tracking service was also offline leaving runners and
cyclists unable to upload data from their latest workouts.

Garmin Connect, an app and website that works with the company's popular line
of fitness watches, remained out of service on Sunday. The company apologized
for the disruption at the end of last week when it indicated the problem was
more widespread and also affected its communications systems.  

Some Garmin users were furious that the company had not explained the reason
for its outage in five days while other mocked those who claimed it was
disrupting their exercise routines

Garmin Aviation, which provides cockpit navigation and communication services,
said on its Facebook page its 'flyGarmin' website and mobile app were down.   

Fitness enthusiasts took to social media to vent their frustrations about not
being able to use the service.

Runners said that while the outage doesn't stop them from training, not being
able to use Garmin Connect means they can't track their workout data or share
their routes on Strava, a social network for runners and cyclists. 

Atlanta tech executive Caroline Dunn, who runs five days a week and finished
the New York Marathon in 2018, said the outage means she and her running
friends can't send each other kudos - Strava's version of Facebook's likes -
to encourage each other. 

'We're not doing this for our health, we're doing this so that we can brag to
our friends,' Dunn said lightheartedly. 'Now that we're all social distancing,
I don't run in a group with my friends and they don't watch me run. I have to
brag online to my friends about all of my runs.'

The outage is also preventing athletes from proving that they've completed
virtual runs that are replacing the many races cancelled because of the
pandemic, Dunn said. Runners who use the Garmin system can't be ranked because
they can't submit GPS data to organizers.

A selection of Garmin's most popular products is shown above in a file photo
Smartwatch maker Garmin is suffering widespread outages after it was
reportedly targeted in a ransomware attack. A notification about the update is
seen on the company's website

Connecticut runner Megan Flood saw the prolonged outage as both a curse and a
blessing.

'It's frustrating in part because my Garmin is connected to my Strava (fitness
app), and I like the community aspect on Strava,' Flood, 27, said Friday. 'But
sometimes not being so connected to my device is nice. I've run some of my
best races when I forgot my watch or covered my watch face, so I find there
are pros and cons to be so connected to a watch.' 

Tech-savvy users shared a workaround: plug the watch into a computer with a
USB cable and manually transfer the files.

Some users also complained that Garmin's lack of communication was a bigger
problem. 

Some Twitter users were quick to mock the situation Garmin and its wearers
find themselves -0- Jul/27/2020 13:42 GMT

 

To view this story in Bloomberg click here:
https://blinks.bloomberg.com/news/stories/QE4RF2BP8R2E

[snagged in outlet 3]

I know of several companies that have been held up in the past year.  Don't want to name them as they try and keep it a secret.  It's a bad deal when it happens.