Ransomware strikes Garmin for $10M

Nov 8, 2010
11,386
Beneteau First 36.7 & 260 Minneapolis MN & Bayfield WI
I don't think most people understand how difficult it is to make a server secure. To observe anything useful on the server it must be made less secure.

If I was a hacker I'd create something that sits tight in the host for weeks, play the long game. Any backup less than a couple weeks old would be compromised.
Indeed. Far from being 'dumb', the attackers are at least as smart as the SysAdmins that operate and protect the machines being attacked. They have probably been inside the Garmin servers for months, slowly increasing their system privileges, maximizing the range of files they can encrypt. They do not want to steal anything. No tracing. Get the bitcoin ransom and get out.
 
Oct 1, 2007
1,856
Boston Whaler Super Sport Pt. Judith
I am extremely cautious with all networks. For instance, when my laptop, which is my primary web interface, is not actively in use on the web I disable the network interface. I never leave the laptop powered up at night, or whenever it is not in use. I have two large desktop machines used for other purposes. They may connect to the network for 1-2 minutes per day. They are also powered down when not in use. I have an Android phone but I use it only for telephone calls and pictures. I do not do anything financial on the phone. When off cruising I bring along a second laptop that has nothing of personal value on it for connecting to the web. I have no "accounts" with google or any other vendor. I stubbornly refuse to allow any software to update itself automatically. I don't download so-called "apps", many of which are trojan horses.
Frankly, I'm terrified of the danger these networks pose but realize that there is some business which must be conducted on the web. I just minimize those actions and the time required.
As an aside, I recently purchased a new printer. All I wanted was a simple USB connection. Couldn't find one. They were all "network" printers. Terrible mistake. The damned thing sits there and talks to someone, somewhere whenever it is turned on. Often it is simply too busy updating itself, communicating with the mothership, or snooping my home network to do the damned printing job I need!!!!
I do the best I can......
 
Sep 22, 2018
1,869
Hunter 216 Kingston
All I wanted was a simple USB connection.
Assuming the printer you have has a Wi-Fi AND a USB connector can’t you just disable the wifi capability from the printer control panel and install it as a USB printer?
 
Nov 8, 2010
11,386
Beneteau First 36.7 & 260 Minneapolis MN & Bayfield WI
I am extremely cautious with all networks. For instance, when my laptop, which is my primary web interface, is not actively in use on the web I disable the network interface. I never leave the laptop powered up at night, or whenever it is not in use. I have two large desktop machines used for other purposes. They may connect to the network for 1-2 minutes per day. They are also powered down when not in use. I have an Android phone but I use it only for telephone calls and pictures. I do not do anything financial on the phone. When off cruising I bring along a second laptop that has nothing of personal value on it for connecting to the web. I have no "accounts" with google or any other vendor. I stubbornly refuse to allow any software to update itself automatically. I don't download so-called "apps", many of which are trojan horses.
Frankly, I'm terrified of the danger these networks pose but realize that there is some business which must be conducted on the web. I just minimize those actions and the time required.
As an aside, I recently purchased a new printer. All I wanted was a simple USB connection. Couldn't find one. They were all "network" printers. Terrible mistake. The damned thing sits there and talks to someone, somewhere whenever it is turned on. Often it is simply too busy updating itself, communicating with the mothership, or snooping my home network to do the damned printing job I need!!!!
I do the best I can......
You can of course have a local WiFi network that is not connected to the internet.... those are two separate things.
 
Nov 8, 2010
11,386
Beneteau First 36.7 & 260 Minneapolis MN & Bayfield WI
Problem is that they get the bitcoin and leave you hanging with a locked system.
Perhaps. But

1) There is no reason to do this, giving it back costs them nothing. It's not like gold; it has no value to them.

2) It's bad business to develop a reputation of NOT unlocking after payment is made.

The perps are total dicks and amoral, but are not stupid.
 
Jun 14, 2010
2,081
Robertson & Caine 2017 Leopard 40 CT
... and dumb people. These people should not be allowed anywhere near a computer. I know that is mean, but it is the truth.
Blaming the victims? :facepalm:
Unless you know a lot more about this incident, you should perhaps keep your judgment in check. You might be next.
 
Oct 1, 2007
1,856
Boston Whaler Super Sport Pt. Judith
Assuming the printer you have has a Wi-Fi AND a USB connector can’t you just disable the wifi capability from the printer control panel and install it as a USB printer?
There is no USB port on the printer. Somehow I think they have found the network interface is less costly to manufacture, and USB cables are a bit pricey.
 
Apr 16, 2017
841
Federation NCC-1701 Riverside
There is no USB port on the printer. Somehow I think they have found the network interface is less costly to manufacture, and USB cables are a bit pricey.
And now you need a printer server in your home for anyone else to use the wifi printer.
 
Apr 16, 2017
841
Federation NCC-1701 Riverside
Perhaps. But

1) There is no reason to do this, giving it back costs them nothing. It's not like gold; it has no value to them.

2) It's bad business to develop a reputation of NOT unlocking after payment is made.

The perps are total dicks and amoral, but are not stupid.
How does a secret underworld criminal organization develop a recognizable brand?

Are some thieves more honorable?
 
Nov 8, 2010
11,386
Beneteau First 36.7 & 260 Minneapolis MN & Bayfield WI
How does a secret underworld criminal organization develop a recognizable brand?

Are some thieves more honorable?
It's only recognizable after you've been hit and then contacted. Then, when you ask about assurances, they say 'Go talk to Ed Link at Garmin. He'll confirm that we do what we say.'
 

MarcW

Dec 9, 2019
18
Hunter 356 Lancaster
I don't think most people understand how difficult it is to make a server secure. To observe anything useful on the server it must be made less secure.

If I was a hacker I'd create something that sits tight in the host for weeks, play the long game. Any backup less than a couple weeks old would be compromised.
Servers can definitely be made secure. What happens is people get lazy and they want all the access with none of the security. Most hackers get in by manipulating people, not code. Ask any corporate IT person and they will laugh at the ludicrously simple passwords people will try and use. You need to force people to change passwords regularly, make them difficult to guess and install software that filters out kitten pictures that people like to click on.

The second part is having a plan in case a high level exec who demands full access ends up clicking on a kitten picture. That would be backups and isolation of critical systems. There are lots of companies that have never had a network breach but all have had attempts made.
 
Nov 8, 2010
11,386
Beneteau First 36.7 & 260 Minneapolis MN & Bayfield WI
Servers can definitely be made secure. What happens is people get lazy and they want all the access with none of the security. Most hackers get in by manipulating people, not code. Ask any corporate IT person and they will laugh at the ludicrously simple passwords people will try and use. You need to force people to change passwords regularly, make them difficult to guess and install software that filters out kitten pictures that people like to click on.

The second part is having a plan in case a high level exec who demands full access ends up clicking on a kitten picture. That would be backups and isolation of critical systems. There are lots of companies that have never had a network breach but have all had attempts made.
Umm... this is a rather simplistic view of corporate IT security. The 'social engineering' exploits you hear about are 99% in the domain of low tech or zero tech systems with non-IT personnel in charge of such things. Most of the large scale hacks involve exploiting unknown or newly discovered weaknesses in IT software, and done before a corrective patch is applied.
 
Apr 16, 2017
841
Federation NCC-1701 Riverside
Servers can definitely be made secure. What happens is people get lazy and they want all the access with none of the security. Most hackers get in by manipulating people, not code. Ask any corporate IT person and they will laugh at the ludicrously simple passwords people will try and use. You need to force people to change passwords regularly, make them difficult to guess and install software that filters out kitten pictures that people like to click on.

The second part is having a plan in case a high level exec who demands full access ends up clicking on a kitten picture. That would be backups and isolation of critical systems. There are lots of companies that have never had a network breach but all have had attempts made.
I was going to say something like this but it makes every company I have ever worked at look bad. The most dangerous guy in the company is the VP that likes to dabble.

In the age of NoSQL, data lakes, and visualization, permissions are handed out like Pez candy for the sake of responsive reporting and rapid design. All deployed with super accounts that can do anything.

Now throw in remote workers that probably can't tell the difference on what wifi they should be using. Hmmm "FBI Surveillance Van" is unsecured...
 

MarcW

Dec 9, 2019
18
Hunter 356 Lancaster
Umm... this is a rather simplistic view of corporate IT security. The 'social engineering' exploits you hear about are 99% in the domain of low tech or zero tech systems with non-IT personnel in charge of such things. Most of the large scale hacks involve exploiting unknown or newly discovered weaknesses in IT software, and done before a corrective patch is applied.
Yes it is simplistic but it is reality for many IT departments. Like I said, there are plenty of large companies that get attacked regularly but don't get breached. It's probably more of a corporate IT philosophy than anything else. Our biggest "hack" that managed to get through was because an exec got owned through a phishing email; fortunately the damage was minimal, albeit embarrassing for the exec. The best thing an IT dept can do is hope for a corporate culture that listens to them. The amount of bitching our IT dept hears when the email to change passwords goes out is huge, but it's either that or passwords like "letmein".
 

jviss

Feb 5, 2004
6,745
Tartan 3800 20 Westport, MA
Umm... this is a rather simplistic view of corporate IT security. The 'social engineering' exploits you hear about are 99% in the domain of low tech or zero tech systems with non-IT personnel in charge of such things. Most of the large scale hacks involve exploiting unknown or newly discovered weaknesses in IT software, and done before a corrective patch is applied.
I don't know, I worked in product security for a while, and with the IT security guys, and social engineering is a problem even in high tech companies. We used to do phishing tests - a large percentage of recipients clicked. Sad.
 

Lazy1

Aug 23, 2019
173
Catalina 22 13425 A driveway in Pittsburgh
Sep 22, 2018
1,869
Hunter 216 Kingston
The most dangerous guy in the company is the VP that likes to dabble.
Yep, I had a senior executive who had me do an extensive evaluation of how the entire company could be converted to use a Dvorak keyboard layout to “increase efficiency”! The executive was a hunt and peck keyboarder or more often would dictate his emails to his admins who were very fast touch typists. I put a few of the “more efficient” keyboards on the admin’s systems. The idea died quickly ;)
 
Sep 22, 2018
1,869
Hunter 216 Kingston
Reading some of the press reports on this event, but Garmin hasn't made a detailed statement, so not sure of the "facts" but...

It appears that the source of the ransomware might be an entity that has been "sanctioned" by the USA gov. Assuming that's factual, the company might NOT be able to pay the ransom even if they wanted to.
Crazy world we are in folks! :)