Garmin confirmed, ABC News reports, that it sustained a cyberattack last Thursday. While its online services were disrupted and some files encrypted, Garmin has concluded that no customer data were compromised. Despite saying that files were encrypted, Garmin did not characterize the incident as a ransomware attack. WIRED, like others, calls it an attack by Evil Corp using WastedLocker ransomware.
Sky News reported that Garmin had obtained a decryption key that enabled file recovery, but said the company “did not directly make a payment to the hackers.” This has prompted speculation that payment might have been made through a third party. As Decrypt notes, that wouldn’t necessarily protect Garmin from exposure to US sanctions enforcement.
Another ransomware attack has moved from a third-party vendor to its intended target. The Wall Street Journal reports that customer data were taken from SEI Investments when M.J. Brunner, developer of an investment dashboard used by SEI, was compromised and the information was lost. SEI says its own systems weren’t hacked.
FrontRush, a provider of athletic recruiting and amateur athletic management software, disclosed that one of its AWS S3 buckets was left exposed to the Internet. It contained personally identifiable information.
Trend Micro describes Ensiko, a PHP webshell the researchers say has ransomware capabilities among other functionalities. It’s also likely to be resistant to the vigilantism that’s recently hobbled Emotet.
SiliconAngle reports that Cloudflare says the breach Ukrainian authorities disclosed over the weekend had nothing to do with Cloudflare and that the company was not breached.