The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.
Garmin, the GPS and aviation tech specialist, reportedly negotiated with Evil Corp for a decryption key to unlock its files in the wake of a WastedLocker ransomware attack.
The attack, which started on July 23, knocked out Garmin’s fitness-tracker services, customer-support outlets and commercial aviation offerings such as flight-plan filing, account-syncing and database-concierge capabilities. Garmin officially confirmed a cyberattack to Threatpost (and later in a web post), but declined to explain the specific cause.
However, sources reportedly shared photos with BleepingComputer of a Garmin computer whose encrypted files carried the .garminwasted extension on each file name. That indicated that WastedLocker was the malware involved. Soon, the company’s systems started coming back online, and as of Monday Garmin said its services are now fully restored.
BleepingComputer also said it obtained a copy of the working decryptor from the Garmin IT department with a time stamp of July 25, and that the original ransom amount requested was $10 million. Sky News meanwhile reported that the device-maker paid the ransom to Evil Corp, the gang behind the ransomware, via a ransomware-negotiation business called Arete IR.
If Garmin did indeed pay the ransom, the company could be in hot water from a legal perspective. The U.S. Treasury Department in December issued sanctions against Evil Corp, which state that “U.S. persons are generally prohibited from engaging in transactions” with Evil Corp or any of its individual members.
Garmin’s consumer and commercial aviation services, websites and customer service have all been rendered unavailable.
Garmin, maker of fitness trackers, smartwatches and GPS-related products, has reportedly suffered a widespread ransomware attack — though the facts around the cause remain unconfirmed for now.
The manufacturer tweeted on Thursday that its Garmin Connect service, a free app for tracking, analyzing and sharing health and fitness activities from a Garmin device, is down.
“We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time,” it acknowledged.
On Thursday night Eastern Time, Garmin also announced that the outage is affecting its commercial aviation offerings, with flight plan filing, account syncing and database concierge capabilities unavailable in the Garmin Pilot app. Its Connext connected-cockpit services related to weather, position reports and data from the on-board Central Maintenance Computer (CMC) found on aircraft are also down. So is the entire flyGarmin suite, a Windows app that simplifies avionics database updates and downloads for pilots, such as navigation, charts and more.
“We are currently experiencing an outage that affects flyGarmin and as a result, the flyGarmin website and mobile app are down at this time,” it noted in a website notice. “This outage also affects our call centers, and we are currently unavailable to receive any emails or chats, but do have limited availability for calls. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”
In-flight phone and SMS services remain available via Iridium; and the FltPlan service (offering runway analysis, safety services, flight planning and more) is fully operational, it said.
But, it also added, “This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”
Meanwhile, a local media outlet in Taiwan, where Garmin’s production facilities are based, reported that the outage will soon extend to production lines too: “The production line will be suspended for two days [July 24 and 25]. At the same time, the official website also announced that the company, including the customer service system, map software updates, and application updates, has suspended related services due to system maintenance.”
The tweets and reporting confirm what users have been reporting since the service went down Wednesday night Eastern Time. As the outage has dragged on, users have become aware of how much their personal devices interact with the electronics giant’s infrastructure.
“It’s made me realise [sic] how crazy-reliant my Garmin watch is on their infrastructure,” said a poster on a Hacker News forum. “I went onto the app this morning to try and alter a watch face I already have downloaded, which should totally be configurable through just the mobile app alone. Why the hell does it need to talk to Garmin’s servers to let me do this? It should just be possible through the app alone, without needing any involvement from Garmin’s servers.”
Another pointed out the potential danger to personal data: “I am concerned a little for the location of my home now being in the hands of the wrong people.”
The situation has caused widespread speculation that the sheer reach of the outage into Garmin’s infrastructure indicates a ransomware attack; and one outlet said that Garmin employees have confirmed that the WastedLocker ransomware is to blame.
**Update:** Further reports over the weekend pointed to the WastedLocker ransomware being behind the cyberattack. Sources reportedly shared photos with BleepingComputer of a Garmin computer with encrypted files with the .garminwasted extension on each file’s name.
Evil Corp’s previous schemes involved capturing banking credentials with Dridex and then making unauthorized electronic funds transfers from unknowing victims’ bank accounts. Money mules would then receive these stolen funds into their bank accounts and transport the funds overseas. Multiple companies were targeted by Dridex, costing them millions of dollars; victims included two banks, a school district, a petroleum business, a building materials supply company and others.
“Wow! This is a doozy,” Saryu Nayyar, CEO at Gurucul, said in an email. “A likely ransomware attack taking down pretty much everything Garmin – website, call center, email, chat, production systems and data-syncing service. You just don’t know when the bad guys are going to attack and who will be their next victim. However, what we do know is every organization is susceptible to ransomware attacks.”
She added, “Hopefully, Garmin has a daily backup regimen for the company’s systems and data – that’s table stakes.”
In December, the Feds started cracking down on the group: U.S. authorities offered up $5 million for information leading to the arrest of Evil Corp. leader Maksim V. Yakubets, 32, of Russia, who goes under the moniker “aqua.” Separately, the U.S. Treasury Department in January issued sanctions against Evil Corp, “as part of a sweeping action against one of the world’s most prolific cybercriminal organizations.”
Mobile wallet applications have become the new trend in today’s world. Apps like Amazon Pay, Paytm and PayPal are some of the leading apps, used by millions. Be it paying bills, recharging or money transactions, everything has become easier because of these apps. The days when people used to travel for hours to do these tasks are gone. Moreover, consumers can use these e-wallet apps while paying in a store, either for shopping or while eating out. Thus, mobile wallets are a convenient way of handling all tasks involving finance.
As an aspiring entrepreneur, if you wish to succeed in your business, without second thoughts, go for Amazon Pay clone app development. Let’s narrow down your thinking processes for a quicker stride forward by analyzing the types of apps first.
Types of e-wallet apps you could develop:
Retail application: An app like Amazon is considered the retail app because it has a mobile wallet in it. It has all the basic functionalities, which helps users to redeem coupons and reward points. All the payment modes are accessible through the app, including net banking.
Dedicated app: The app allows P2P money transactions by storing a variety of cards. You could also make international money transfers using this app. Example: PayPal, Apple Pay, and Amazon Pay.
PoS payments: The PoS payment wallet apps are found at the stores. It is exclusively used by the users to make contactless payments without having to stand in a long queue.
Choose the best type of e-wallet app you want to develop and join forces with our Appdupe. Grab the cutting-edge Amazon Pay Clone script and launch an app in a week!
Don’t you think you are amazing? If not, then get ready to Amaze - on the payment apps business market with our Amazon pay clone App development service, we provide amazing customization options at amazing prices. Are you amazed? Reach us immediately and let’s Amaze - on.
Contact us at +91 97 91 101817
The Maze ransomware gang has reportedly leaked Canon U.S.A. data online.
Researchers said in April that the Maze gang had created a dedicated web page, which lists the identities of its non-cooperative victims who don’t pay ransoms and regularly publishes samples of the stolen data. This so far includes details of dozens of companies, including law firms, medical service providers and insurance companies, that have not given in to their demands. And now, according to a report in Bleeping Computer, that list includes Canon.
The leaked data consists of a single file, according to the report: About 2.2 GB-worth of marketing data and videos, compiled into an archive called “STRATEGICPLANNINGpart62.zip.” The Maze gang claims it represents 5 percent of all of the data stolen from the camera giant. It appears to be a warning shot: No financial information, employee data or other sensitive data is included, according to the report.
A day after Canon was suspected of becoming the latest high-profile victim of a ransomware attack on August 5, an internal employee communique admitting just that was leaked to media.
According to reports at the time, the camera-maker had circulated a note to employees confirming that ransomware is to blame for outages across its main U.S. website, email, collaboration platforms and various internal systems.
“Canon U.S.A, Inc. and its subsidiaries understand the importance of maintaining the operational integrity and security of our systems,” reads the note, a screenshot of which has been posted by the outlet. “Access to some Canon systems is currently unavailable as a result of a ransomware incident we recently discovered. This is unrelated to the recent issue which affected image.canon.”
When asked for confirmation, Canon, for its part, simply told Threatpost: “We are currently investigating the situation. Thank you.”
The Maze ransomware gang has taken credit for the outage, claiming to have lifted “10 terabytes of data, private databases etc.” in the process. This fits in with the known _modus operandi_ of the group, which usually threatens to leak or sell sensitive data if the target doesn’t pay the ransom.
“Maze is a particularly malicious strain of ransomware, the criminal actors claim to steal their target’s data each time, and threaten to release it publicly if they refuse to pay the ransom,” Tiago Henriques, Coalition’s GM of customer security, told Threatpost. “Its ransom demands are also particularly costly – the average Maze demand we’ve seen is approximately five-and-a-half times larger than the overall average.”
The Canon USA website was still not up at the time of this writing, with a previous “the site is undergoing temporary maintenance” splash page now replaced with a picture of a hot-air balloon and the text, “Our heads aren’t in the clouds. We’re just busy updating our site. Please check back soon! In the Meantime [sic], please visit us at: Canon Online Store or Canon Forum.”
As the page indicates, other Canon assets, including its global website, appear to be unaffected, potentially meaning that the consumer-electronics giant’s security included working failsafe measures to limit the damage.
If so, Canon can count itself a rarity, according to researchers: “In our ethical hacking engagements we are typically able to gain complete control of networks in one to three days and the presence of security products rarely…prevent us from exploiting computer systems,” Chris Clements, vice president of solutions architecture at Cerberus Sentinel, said via email. “The Maze group has proven themselves as good as professional security testing organizations and the significant bounty they collect from extorting their victims means they are well funded to develop their own exploits and bypass methods. Given this, it’s not surprising that they have been able to compromise many large high-profile targets. The reality is that it is very difficult to protect yourself from a skilled adversary.”
The large-electronics-vendor-hit-by-ransomware situation is eerily similar to the recent attack on Garmin, which was the work of the WastedLocker ransomware and Evil Corp. In that case, the GPS specialist reportedly paid a multimillion-dollar ransom to retrieve its files.
“Ransomware has been taking businesses hostage (literally), and the tools, tactics and procedures criminal actors are using have become even more advanced in recent months,” Henriques said. “In the first half of 2020 alone, we observed a 279-percent increase in the frequency of ransomware attacks amongst our policyholders.”
This story was originally published on August 6, but was updated August 14 at 12:15 p.m. ET, with information about Canon U.S.A.’s data reportedly being leaked online.
Would you like to try all and choose the best? Then you should probably visit us now. Try our Airtel Pay Like App Development Service and become the best so that people can choose you. Our services are loyal and trusted, and we offer various customization options at comparatively lower rates. Visit us immediately.