WastedLocker Ransomware Attacks Garmin: Enterprise Security is Critical

Sangfor Elsa (Lv4) posted 05 Aug 2020 15:15

Last edited by Sangfor Elsa 05 Aug 2020 15:17.



WastedLocker ransomware has garnered attention in recent weeks after an attack on Garmin Inc., a leading provider of "GPS navigation and wearable technology to the automotive, aviation, marine, outdoor and fitness markets". The attack resulted in many Garmin Inc. services being suspended, to the frustration of customers globally. WastedLocker was first detected in May 2020 and is believed to be related to Evil Corp, a hacking group which adopts a highly targeted strategy to infiltrate high-value targets and uses the target's name when composing the encrypted-file suffix.

Analysis of the Ransomware Behavior
The ransomware uses an Alternate Data Stream (ADS) method to avoid detection.

[screenshot not reproduced]

The encryption process excludes some directories and suffixes, as follows:

[screenshot not reproduced]

File encryption appends the suffix "target name + wasted", as follows:

[screenshot not reproduced]

Files including ransom information are generated simultaneously, with the content of the file as follows:

[screenshot not reproduced]

The content of the ransom information is as follows:

[screenshot not reproduced]

The file in the encryption process is as follows:

[screenshot not reproduced]
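A defender-side hunting script for the two indicators described above (non-default alternate data streams and files carrying the "target name + wasted" suffix), added here as an example; it is not code from the Sangfor post. It assumes Windows PowerShell 5.1 or later, and the path C:\Users and the target name "acme" are placeholder values to replace with your own.

```powershell
function Find-WastedLockerIndicators {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # The post describes the suffix as "<target name>wasted". With no target
        # name supplied, any extension ending in "wasted" is matched instead.
        [string]$TargetName = ''
    )

    $suffixPattern = if ($TargetName) {
        '^\.' + [regex]::Escape($TargetName) + 'wasted$'
    } else {
        'wasted$'
    }

    $files = Get-ChildItem -Path $Path -Recurse -File -Force -ErrorAction SilentlyContinue

    foreach ($f in $files) {
        # Indicator 1: files already renamed with the ransomware's suffix
        # (PowerShell -match is case-insensitive by default).
        if ($f.Extension -match $suffixPattern) {
            [pscustomobject]@{ Indicator = 'EncryptedSuffix'; Path = $f.FullName; Detail = $f.Extension }
        }

        # Indicator 2: non-default alternate data streams. ':$DATA' is the file's
        # normal content; 'Zone.Identifier' is the benign mark-of-the-web stream,
        # so both are excluded to keep the output reviewable.
        $streams = Get-Item -LiteralPath $f.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' }
        foreach ($s in $streams) {
            [pscustomobject]@{ Indicator = 'AlternateDataStream'; Path = $f.FullName; Detail = "$($s.Stream) ($($s.Length) bytes)" }
        }
    }
}

# Placeholder path and target name; review every hit rather than acting on it blindly,
# since legitimate software also writes alternate data streams.
Find-WastedLockerIndicators -Path 'C:\Users' -TargetName 'acme' | Format-Table -AutoSize
```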

Ransomware Detection and Killing
1. Sangfor's Endpoint Secure, Sangfor Next Generation Application Firewall (NGAF), Cyber Command and other security products effectively detect and defend against ransomware. Users who have deployed related products can conduct a security scan to detect ransomware, as follows:

[screenshot not reproduced]


2. Sangfor provides free anti-virus tools capable of detecting and killing viruses, available for download here:
https://page.sangfor.com/anti-bot-tool

Ransomware Protection
The Sangfor Security Team recommends that ransomware prevention should be a top priority when planning network and application security. At present, files encrypted by ransomware cannot be decrypted, making daily preventative measures all the more critical.


1. Install patches regularly to fix vulnerabilities.

2. Regularly perform AND test restoration of non-local backups of important data files.

3. Don't open email attachments from unknown sources, and don't download software from unknown websites.

4. Implement a Zero Trust policy and grant permissions on files and directories only to those users that must have access.

5. Change account passwords regularly, setting a strong password when doing so. Avoid using the same password for multiple platforms and programs to avoid compromising multiple accounts if credentials are stolen.


6. If RDP is not required for business, close RDP. If a security incident occurs, use Sangfor NGAF (Next Generation Application Firewall) or the Endpoint Secure micro-isolation function to block ports like 3389 and prevent the spread of malware.

7. Both NGAF and Endpoint Secure have anti-propagation policies for malware and ransomware. In the event of a malware infection, the firewall will enable rules 11080051, 11080027, 11080016 simultaneously, and open the anti-propagation functionality.

8. Sangfor recommends that NGAF customers upgrade to the latest version and deploy AI-detection capabilities with Engine Zero to achieve the best defense.

9. Detect new threats instantly and defend your system using Sangfor's cloud-based Platform-X management console.

10. Sangfor Security Services can help users quickly improve their security capabilities using hybrid "human-machine intelligence", and provide services like equipment security compliance inspection, threat hunting, and related vulnerability inspection. Ensure that risks are detected immediately and that response & mitigation strategies are updated to prevent such threats.

Finally, using Endpoint Secure, execute a complete virus scan and system vulnerability scan on the entire network to identify and remove potential attack surfaces. Together, Sangfor Cyber Command, NGAF and Endpoint Secure can help you detect and kill ransomware and protect your intranet.

Consultation and Services
Please do not hesitate to contact Sangfor to get a free consultation and support services:

1) Telephone: +60 12711 7129 (or 7511).

2) Visit the Sangfor Community at http://community.sangfor.com/ and select the "Chatbox" option on the right bottom for consultation.

3) Contact us through our contact form for more information & support: https://www.sangfor.com/about/contact-way.html




Faisal (Lv5) posted 29 Aug 2020 13:27
Thank you very much ...
Muh Akbar A (Lv1) posted 01 Sep 2020 15:42

Thanks for the information