Garmin was hit with a ransomware attack in late July that affected their website, call centers and other services.
Though Garmin hasn't confirmed the payout, BleepingComputer reported that the company paid $10 million. This is by far the largest recorded payout for a ransom. The previous record was $1 million.
This attack represents another escalation from hackers. In general, hackers determine the ransom amount based on the amount of pain they are able to inflict. Because of this higher payout, hackers will now spend more time selecting their exact target organization and the exact data they want to extract, instead of blindly encrypting compromised accounts.
Further, another feature of this attack was that Garmin reportedly used the services of a middleman, a company called Arete IR. This is also fairly new—the introduction of negotiators between criminals and companies, effectively serving as an escrow. This makes it easier for companies to agree to actually pay the ransom. This is not the first time a middleman has been used. In late 2018, one company that advertised its decrypting services instead just actually paid the ransom. (It's unclear if that's what happened with Garmin.)
Regardless, it's the realization of a new double-edged threat. Hackers are now capturing a copy of the data before they encrypt it. That allows them to encrypt your data and threaten to release it. Before this, many attacks didn't make headlines when the threat was encrypt-only. This new attack guarantees that it will.
It means that hackers will be even more motivated to continue these sorts of attacks, which are already on the rise.
In 2019, there was a 41% increase in all ransomware attacks. That's on top of the fact that the average ransomware payment increased by 104% in Q4 of 2019 over Q3 of 2019—an average of $84,116 over $41,198.
Additionally, SonicWall has found that over the first six months of in 2020, global ransomware increased by 20%.
Despite this, one survey found that 39% of organizations either don't have a ransomware plan or don't know if one even exists.
With both the frequency of attacks and the average payout increasing, companies have to be on guard for ransomware attacks, installing security solutions to guard against it and having a plan in place should it happen.
