The Great Hack: How Evil Corp Took Garmin For $10 Million

We live in an age where hackers rule the world of crime. The days of strong-arm robbing a bank are gone, and criminals are turning to more complex tactics to make their illegal fortunes. Just one week before the Garmin ransomware attack, I was sitting in my living room enjoying some Lazarus Naturals CBD and setting up my brand new Garmin watch, completely oblivious to what was in store for every Garmin user on the planet.

Who Is Evil Corp

There is an immeasurable number of hacker groups that exist and due to their particular set of skills, they are almost impossible to catch. One of the most prominent and successful of all hacker groups is the cyber-terrorist organization commonly referred to as Evil Corp. This powerful and terrifying group of hackers has executed multiple ransomware and phishing scams all over the planet. It is believed that the Russian based group is headed by a man named Maksim Yakubets. Many suspect that Yakubets is either an ex-KGB, or a Russian spy due to his incredible abilities and ability to avoid being caught red-handed.
How They Hacked The Garmin Database

U.S Sanctions And How Garmin Got Around Them

It is hard to get exact dates due to Garmins unwillingness to talk directly about the situation, but the cyberattack took place in late July. One day things were normal for Garmin users, and the next day the entire system was offline. The Garmin apps were inaccessible as was your personal data and syncing abilities. From a user’s perspective, there was total confusion as Garmin scrambled to get things taken care of on the back end.

There was a notification banner on the Garmin app that said they were experiencing outages and would be back up shortly. They were not. It took well over a week for Garmin to get things sorted because the situation was more complicated than just forking over $10M. There are sanctions put in place by the U.S government that prevents companies like Garmin from dealing with cyber-terrorist organizations such as Evil Corp. The government believes that by making it illegal to pay ransoms to cyber terrorists that the attacks will simply stop. This has not only been proven to be untrue, it has put the security of millions of Garmin users at risk.

When Garmin was hacked many people suspected that there was more going on than an unspecified outage. It was clear that something was wrong but they desperately wanted to avoid the stage and stay out of public scrutiny for failed cybersecurity and the potential for breaking the law in an effort to correct their mistake. Nobody knows exactly how Garmin paid the terrorists and avoided sanctions but they did. It is suspected that they hired a top-notch team of lawyers and a third-party to take care of negotiations and payments.

A $10,000,000 Employee Error

I would have hated to have been the employee who accidentally toppled the dominos so-to-speak. It is widely believed that the Garmin ransomware attack was made possible by a phishing email. One of the oldest cyber attack techniques in the book. Phishing is when an enticing email is sent out to multiple recipients who the attacker hopes will open the email thus unknowingly installing the malware on their computer. This scam has been used countless times throughout the years and has led to hundreds of millions of dollars being stolen.

Garmin has spent a huge amount of money on developing their cybersecurity and educating employees on how to avoid things like phishing emails. Unfortunately with this situation, all of their tactics fell short and they were not able to stop all of their user information from being taken for ransom.

What This Means For The Future Of Cyber Hacking

The U.S put strict sanctions in place in the hopes of preventing this exact situation and it was wholly ineffective. The sanctions did not dissuade Evil Corp from carrying out the attack, nor did it prevent Garmin from paying. It seems that this is a situation where the U.S government doesn’t have the control that many policymakers would like to believe they have.

It is unfortunate, but the reality is that these matters should probably be dealt with on a case by case basis instead of making one blanket policy and believing that its the end of cyber terrorism. The problem with this situation is that the big losers aren’t Garmin, Evil Corp, or the U.S government, they are the people who trusted Garmin and the American government to do thake more appropriate and thoughtful measures to prevent this sort of situation in the first place.