Lessons Learned from the Garmin Ransomware Attack

Posted by Norma Stratton on

In July of this year, the multinational technology company Garmin Ltd, well known in the field of GPS technology, was hit with a devastating ransomware attack. As a result, the company was forced to shut down their site, Garmin Connect, responsible not only for syncing data from wearable devices pertaining to activities such as bike rides, but also aviation database services and even their call centres.

Recovery was slow, with services coming back online 5 days later. This was followed by reports that Garmin had paid several million dollars in ransom to obtain a decryption key that would allow them to restore their data.

This unfortunate event is a learning experience not only for Garmin, but virtually every business. Here are some key lessons that can benefit your business:

  • Ransomware Attacks Can Target Anyone. No matter the size of an organization, ransomware is always a concern. There are always vulnerabilities that can be exploited, whether they be issues in your systems or an employee who falls prey to deception. Even large, well-established companies are not immune to attack. In fact, they may be targeted due to the perceived opportunity for a larger payout.
  • Pay Once and Expect to Pay Again. It may be tempting to pay the ransom in order to get things back to “normal,” but according to many law enforcement authorities and cybersecurity experts, that is not a wise decision. Acceding to ransom demands may offer a short-term fix, but the long-term implications can be disastrous; cyber criminals will likely view your company as an easy target. While the same attackers are not likely to launch a second attack, others will be emboldened by your willingness to pay. Unless your company acts to shore up its defences, it is quite likely that further attacks could see you continuing to pay.
  • Times and Targets Are Not Random. Attackers could go after small- and medium-sized businesses, which tend to be easier targets, but will often target large organizations instead. Why? Large companies have deeper pockets, and in the case of Garmin, their data was critical to their operations, meaning that they would be more likely to pay the ransom. The timing of the attack—just prior to quarterly earnings being announced—may have been intentional, in order to force Garmin’s compliance with ransom demands.
  • A Large Product Range Can Make You More Vulnerable. Garmin offers a wide variety of products which can result in a lack of transparency in the company’s infrastructure, which in turn can provide cover for potential attackers. It is important that every potential entry point into your systems be visible to your security team. Every one of these points, including servers and mobile devices, is a potential target for attackers.
  • Ransomware Impacting Customer Operations is the Most Successful. When ransomware seriously disrupts customer operations, it is particularly effective. The attack on Garmin meant that all of their connected devices simply stopped working, which was enough to force their hand and make them pay the ransom.
  • A Lack of Network Safeguards Can Increase the Severity of the Attack. Judging by the manner in which the ransomware spread, it seems likely that Garmin had a flat, centralized structure, allowing the ransomware to spread easily and quickly. This also impacted Garmin’s ability to restore its systems effectively.
  • Humans Can Be the Weak Link. It is believed that the source of the Garmin attack was the ransomware WastedLocker, which disguises itself as a software update that is downloaded by a user. Employees should receive ongoing training in order to stay current with potential threats. Unfortunately, many companies provide rather basic training that leaves employees unprepared for the dangers they may encounter.

With cybercrime on the rise and cybercriminals becoming bolder and more creative, it’s more important than ever for companies to be aware of the dangers they face and invest not only in adequate defences, but also appropriate and up-to-date training for workers.

The attack on Garmin is an unfortunate sign that anyone can be vulnerable, but it is also a good reminder to have plans in place for dealing with ransomware and other attacks.


Every business should assume they have either been attacked, are being attacked, or will be attacked. Fast detection and swift response are the small business owner’s only defense.

You can access my Free Ebook=> “WHAT’S AT STAKE FOR YOUR BUSINESS?” 

So, if you’re ready to put the right security in place. Contact me, I have traveled the globe Identifying security threats in Companies. I can help give your business a peace of mind as you move into the digital revolution. There’s no risk to talk with us about your business and you can stop the process any time.  But if you let us look under the hood, we’ll help you discover any potential problems before they impact your business or take your data. If everything looks good, we’ll tell you. However, if we discover symptoms of a growing threat, we’ll help you check them out to make sure you’re not exposed to catastrophic failure.