The security providers Coveware, Emsisoft and Fox-IT assume that the operators of the Dridex botnet are behind the ransomware attack on Garmin. The group called EvilCorp, which is said to have its roots in Russia, uses the ransomware WastedLocker, which is also responsible for the system failures at Garmin.
According to security experts, unlike many other ransomware gangs, EvilCorp is not known to steal data and threaten its victims with the disclosure of confidential information. This is said to have already applied to the ransomware Bitpaymer, which EvilCorp used for extortion attempts before WastedLocker.
“We did not find any evidence of data theft in the WastedLocker cases we were involved in,” said Fabian Wosar, Chief Technical Officer at Emsisoft. “We have not yet seen EvilCorp steal customer data to force victims to pay,” added Frank Groenewegen, chief security expert at Fox-IT. This was also confirmed by Bill Siegel, CEO of Coveware, for Bitpaymer and WastedLocker.
However, Groenewegen did not fundamentally rule out the theft of data as part of the attack on Garmin. The Fox IT manager also admitted that EvilCorp regularly steals data such as operating instructions, employee lists and login data for Active Directory. This information might help hackers move around the victim’s network. User data may also have been compromised.
In addition, EvilCorp hackers are said to have spied out financial data in previous attacks. “Before they started focusing on ransomware, they targeted payment processors to steal credit card information,” Groenewegen said. The data were then sold in relevant forums.
Garmin had only admitted the ransomware attack earlier this week. The company previously declared the disruption of its services with maintenance work. Garmin also emphasized that there was no evidence of theft of customer data or even payment data from Garmin Pay.
Collaboration platform Slack: work efficiently – no matter where
Before COVID-19, remote work was almost unthinkable for many companies. Today they realized that it can work very well if the general conditions are right. Find out in this webinar how you can optimally react to changing working conditions with the Slack collaboration solution.