The Cyberattack on Garmin Poses a Complicated Question for the U.S. Government


People first started noticing something was wrong with Garmin midway through last week when they weren’t able to use the company’s GPS-enabled devices to upload workout data. Then reports started rolling in that several of Garmin’s other GPS devices and services, including its flight planning programs and customer support tools, were offline as well. On Monday, Garmin confirmed what had by then become clear to many of its customers: It had been the victim of a cyberattack that had encrypted some of its computer systems and rendered many of the company’s services unusable for several days. A week after the attack first hit, Garmin said most of its systems had been restored.

In many ways, the ransomware attack that hit Garmin last week was the same old story that we’ve seen over and over and over again the past few years: A malicious program encrypts the servers of a big organization and effectively shuts down all operations for a period of several days, or in some cases even longer. Compared with ransomware attacks that have hit entire cities or health care systems, it may not have seemed like the most damaging or dangerous attack, though the consequences of the Garmin shutdown were actually pretty far-reaching. Sure, people who relied on popular Garmin watches to track runs and other workouts couldn’t upload their exercise data, but as Lily Hay Newman pointed out in Wired, the outages also affected airplanes that relied on flyGarmin technology and the Garmin Pilot app for flight planning and scheduling purposes.

But what really made the Garmin attack interesting wasn’t the size or scale of its impacts—it was the test it posed to the U.S. government’s ongoing attempts to crack down on Russian cybercrime organizations. According to TechCrunch, the ransomware that infected Garmin’s systems appeared to be a program called WastedLocker, which is distributed by the Russian cybercrime group known as Evil Corp, run by Maksim Yakubets. In late 2019, the U.S. Treasury’s Office of Foreign Assets Control took action against Evil Corp and Yakubets, announcing sanctions that prohibited U.S. individuals and firms from engaging in any transactions with them (as well as several of their associates).

At the same time, the Justice Department also released indictments of Yakubets and his co-conspirator Igor Turashev, offering a reward of up to $5 million for information leading to Yakubets’ arrest. The indictment, and even the proffered reward money, was reminiscent of earlier attempts the U.S. government had made to crack down on cybercrime by issuing indictments of foreign hackers, including other Russian ransomware operators, and offering large rewards. Those earlier efforts had yielded few results, so it was a little difficult to know how symbolic the Evil Corp sanctions and the accompanying indictments were, or whether they would have any significant impact on Yakubets’ operation.
