Stay updated with the latest cybersecurity news.

Carnival Cruise joins Garmin and the list of companies attacked by ransomware

By Reason Cybersecurity

on Thu Aug 20 2020

In Part 1 of our series on ransomware attacks on businesses, we looked at the July, 2020 ransomware attack on multinational tech company, Garmin, and its wide-ranging repercussions. Not only did it disrupt Garmin’s services and cause them significant financial damage, but it also had broader implications as it served to highlight just how vulnerable high-profile companies are to ransomware.

The recent attack on Carnival Cruises underscores this reality. Carnival is the latest multinational company to fall victim to a ransomware attack and the results aren’t pretty. The attack, which was discovered August 15, provided the cyber intruders with unauthorized access to the personal data of Carnival guests and employees… and that’s a lot of data.  As the world’s largest cruise operator, Carnival employs more than 150,000 staff and welcomes over 13 million people aboard its ships every year. Based on the data accessed, Carnival is expecting claims from employees, guests, and shareholders. 

Ransomware + COVID-19 = stormy waters

The attack just adds another layer of struggles to the famous cruise brand which has already taken a big hit as a result of all the cruises they’ve had to cancel thanks to the Covid-19 pandemic. Security experts suspect that the huge number of Carnival employees currently working from home might have exposed the organization’s systems to the attack. This shouldn’t come as a big surprise though since we know that cyber criminals are taking advantage of the pandemic to attack remote workforces and corporate systems. Companies that wisely deploy endpoint security solutions can effectively prevent and mitigate cyberattacks, but at the end of the day employees’ home networks need to be secure too. 

It’s too early to estimate what the financial damage will be, but the final estimate will have to include more than just the cost of the ransom. Ransomware attacks also cause business interruption, loss of revenue, damage to reputation, legal issues, and more. According to a 2019 study by IBM, the average cost of a data breach in the US is $8.19 million. In the past, that probably wouldn’t have caused Carnival to even blink an eye, but coupled with its recent struggles due to Covid-19, Carnival is now sailing through some stormy waters. 

A storm is brewing…

It’s not just companies like Carnival and Garmin that have to worry about ransomware. Ransomware is the biggest online menace today and it is a prominent threat to cities, public companies, multinational companies, and businesses of all sizes. In the first half of 2020 alone there were 121.2 million attacks with 79.9 million of them in the USA. A ransomware storm is brewing, so the question isn’t if there will be another attack, it’s who will be the next victim.