BREAKING: BleepingComputer has confirmed that Garmin received decryptor for their WastedLocker Ransomware attack.
bleepingcomputer.com/news/security/…
BleepingComputer has been able to obtain the decryptor received by Garmin after they likely paid the ransom to the WastedLocker operators.
The decryptor was included in a workstation restoration package created by Garmin's IT department that decrypts a workstation and then installs a variety of security software.
The embedded script clearly indicates that the package was created by the APAC division of Garmin's IT department.
Analysis of the WastedLocker ransomware shows its encryption algorithms to be secure, so it is not possible to create a free decryptor. Based on the timestamp in the script, the ransom was likely paid and decryption received on July 24th or 25th.
To confirm that this was a valid decryptor, BleepingComputer encrypted a virtual machine using the WastedLocker sample we discovered used in Garmin's attack. We were then able to use the decryptor to recover our files.
As WastedLocker is attributed to Evil Corp, who has been sanctioned by the US govt, this can become quite a sticky situation for Garmin.
research.nccgroup.com/2020/06/23/was…
Research firm @Arete_Advisors does not believe WastedLocker was created by Evil Corp, so there is opposing research in this area.
areteir.com/wp-content/upl…
Sorry @Twitter, this headline does tell the full story. Get back to tweaking your algorithms.
What we were told. Similar response to our queries.
news.sky.com/story/garmin-p…