Cybersecurity Update: Twitter and Garmin

The following article shares updates from the recent Twitter incident and Garmin ransomware attack.

Over the past month there has been an influx of cybersecurity incidents grabbing national headlines due to the targets and impact, namely the Twitter bitcoin scam impacting high profile accounts as well as the Garmin ransomware attack which grounded athletes and flights across the world. Our cybersecurity team covered the initial reports of the incidents in our Focus on Cybersecurity newsletter and the Our Thoughts On blog.

With the focus shifting from the initial outages to fallout and remediation steps, this article provides an update on the pending criminal charges for those suspected in the Twitter attack and Garmin’s reported decision to pay a multi-million dollar ransom to restore their systems.

Twitter Bitcoin Scam Update

The popular social media platform Twitter suffered one of the most high profile cybersecurity attacks in recent history when more than 100 accounts were hijacked in a cryptocurrency scam, including public figures such as Elon Musk, Jeff Bezos and former president Barack Obama, as well as companies such as Apple and Uber. In addition to the reputational damage associated with these types of account, the scammers reportedly netted more than $100,000 in just a few hours. 

During the attack a group of hackers contacted media outlet VICE claiming responsibility for the attacks with screenshots indicating they had gained access to Twitter’s administrative tool through paying insiders, which allowed them to set up email addresses that enabled users to reset account passwords and tweet under different accounts.

Other than stating an employee was targeted by a social engineering account, Twitter has been mostly silent on the attack. The FBI launched an investigation and on July 31, 2020, the United States Department of Justice announced the arrest of the following individuals and the charges related to the attack:

  • Mason “Chaewon” Sheppard – a 19-year old from the United Kingdom  charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer
  • Nima “Rolex” Fazeli – a 22-year old from Orlando, Florida  charged with aiding and abetting the intentional access of a protected computer
  • Graham Ivan Clark – a 17-year old from Tampa, Florida. The supposed mastermind of the attack, Clark’s name and charges were not disclosed from the US Department of Justice due to his status as a minor, but Tech Crunch verified his identity following the federal announcement. 

With arrests made and charges pending, it will be interesting to see what is next for those in custody or if additional arrests are made, and more so if Twitter will shed any more light on the incident beyond the initial statement. Although in a bit of irony, the virtual Zoom hearing for Clark got off to a rough start after the screen was zoom bombed multiple times… a security issue that we discussed since the shift to remote working way back in April.

Garmin Ransomware Update

As discussed in our recent article, navigation and smart device maker Garmin was hit with a massive ransomware attack that halted a number of their services including Garmin Connect, which powered popular consumer wearable technology and flyGarmin, flight planning software pilots rely on for aircraft navigation. The attack is believed to have been orchestrated by the Russian hacker group known as Evil Corp who reportedly demanded a $10M ransom in order to free their files from encryption.

Garmin eventually restored their systems and a recent report from Sky News indicates Garmin paid a multi-million dollar ransom through Arete Incident Response, a third-party cybersecurity firm. Reports also state that Garmin initially reached out to another firm who declined the case due to the fact the Evil Corp, the group believed to be behind the attack, is currently on the US Treasury Department sanction list and transacting with them would violate the sanctions and open them up to fines. While it is important to note neither Garmin, Arete or Evil Corp have confirmed any of the reports or responded to media inquiries, Arete did release a whitepaper the day after the attack reporting that evidence linking WastedLocker to Evil Corp was inconclusive.

Garmin has released a public statement that simply states they were victims of a cyber-attack without any specifics and provide some clarity on customer data safety, including payment information from Garmin Pay.

The full account of how the attack happened and how the files were restored will most likely never be revealed, but this attack is another unfortunate reminder of how dangerous and costly not taking cybersecurity seriously can be for any organization.

Be in the Know

With new attacks happening on what sometimes feels like an hourly basis, the headlines of today can become thoughts of yesterday rather quickly, when in reality, some of the most interesting stories and important lessons learned are based on the fallout of the incidents. We invite you to keep up with the latest in the cybersecurity world with our Focus on Cybersecurity newsletter. Our bi-weekly communication provides a roundup of relevant news, current events and original articles from our team such as this. You can sign-up at

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit or contact the team at [email protected]

In addition, our Incident Response Team is available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident. 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
US Lawmakers Look to Set Federal Cyber Breach Alert Standard
How To Scope a SOC 2 Audit
Do I Need a SOC 2 Type 1 Before a SOC 2 Type 2?
Why Do CPA Firms Perform SOC 2 Audits?
What Financial Institutions Need to Know About R-SAT
Fact or Fiction: SOC 2
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222

[email protected]
p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215

[email protected]
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102

[email protected]

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.