You’re working at your computer when all of a sudden – BAM! – you get a pop-up notification that your PC is infected with a virus and you must “click here” to run a scan or install antivirus software. This is a common scareware tactic used by hackers to get you to click and download a virus. (You should know we would NEVER deliver that type of pop-up to you!)

Often it will appear to be a system alert or a Microsoft operating system alert. Regardless of how legitimate it looks, NEVER click on the site or the pop-up. The safest thing to do is close your browser; do not click on the X, “Close” or “Cancel” button in the pop-up or on the site because clicking on anything on the page or pop-up will trigger a virus download. If that won’t work, bring up your task manager (hold Control + Alt + Delete on a PC and Command + Option + Esc to “Force Quit” on a Mac) and close the web browser or application where it appeared. Next, notify your IT department (us!) that this has happened so we can double-check with a legitimate scan if your computer was infected.


Episode Show Notes:  
In this episode we discuss...
  • A confirmed WastedLocker ransomware attack on Garmin Connect, a GPS software; they run GPS infrastructure for a whole lot of devices all around the world
  • We are going to reverse engineer this ransomware attack on Garmin Connect and tell you exactly what hope we have for preventing this! (5:10)
  • Joe is going to break this down for us with inside info from a couple of discreet cyber security forums that he’s in. (3:30)
  • Disclaimer: Official word from Garmin was that they’re having a network outage, doing some emergency repairs, something like that.
  • By default, we are not inclined to talk about our dirty laundry; nobody wants to do that. But the tragedy in the industry is that we don’t get to learn from others’ mistakes because it’s always so hidden.
  • Listen as we reverse engineer this situation with insider information and find out what went wrong, what we can do, and what Garmin could have done to prevent this.
So that is the value for me in trying to reverse engineer this situation and find out what went wrong.
  • What most people will say in a case like this is: “Well if Garmin is going to get breached, and they have all the resources in the world what hope do I have?” (4:30)
We are going to give you some hope – we are going to talk about what you can do... What COULD Garmin have done to have prevented this outage? (4:50)
  • Confirmed WastedLocker ransomware attack - the new fancy name for this strain of ransomware (10:25)
  • They engineered this software for Garmin – it was a personal, TARGETED attack. It was so targeted that they knew specifically what users they were targeting. (11:00)
Why you should NEVER click on popups:
  • They knew specifically what users they were targeting. This particular hack came from clicking on JavaScript code (so a pop-up on a website), and they knew this particular user would go to this particular website pretty frequently and would possibly click on a pop-up. (11:10)

POP QUIZ: if you see an alert to update something what do you do? (12:30)

Ransomware in the U.S.: We have sanctions in the US against paying ransomware – we can’t pay the ransom to a foreign entity, specifically Russia, and SPECIFICALLY we can't pay the ransom to this guy (hint: he created Evil Corp).

BACKUPS: why the normal restore from backups does not cut it anymore. (19:00)
  • What you normally do is restore from backups, but this was intelligent enough to get in and wipe out their backups too (19:00)
  • Cool thing about backups: if you are doing it right, there are other, additional preventative measures that could have prevented this attack...
How offline backups could have PREVENTED this attack: (19:15)
  • Offline backups – this is an additional preventative measure that we take here at Phoenix IT Advisors, and therefore this would NOT have affected us or our clients, because we keep offline backups for them.
TIPS After Breaking Down This Attack:  (20:30)
  1. Don’t do updates that are pushed to you – go to the website/app directly and do it from there – initiate it yourself.
  2. It starts with the site that they clicked on – so, make sure you have security on your website and someone looking out for these things.
  3. When you are hiring an IT firm to do your security, you may not want to go to the cheapest bidder. (23:55)
  4. Communication is KEY for the IT security world.
To the theme of our podcast:

When you get breached, are they going to call YOU, the victim, stupid or irresponsible? The reality is they are calling you one of these two; they are coming after you either way.

So how do we deal with it? (26:55) 
  • Put a plan in place,
  • Follow industry standards,
  • Follow best practices,
  • If you do this, then you’ve got to know what they are and stay up to date on them.

“We can't do the head in the sand approach; this attack was PREVENTABLE”

  • This attack was preventable – with the right software, it was PREVENTABLE. So, get a plan in place, check your plan on a regular basis, and for the love of all things, get someone else to check your plan.
  • You CANNOT ASSUME that even if you hire the best IT company / Cyber security company out there that they know what they’re doing. You better get somebody to check their work.  
  • At a minimum get someone to come in to look at what you're doing for security, your plan, your approach to protect your network, your customers, your employees.
Go to book a 10-minute call with me, Justin Shelley, and we will break it down and show you where the glaring holes in your security are, then give you a road map for success. (28:10)