Tech Company Garmin Pays Millions After Ransomware Attack

Garmin, a brand associated with a lot of different GPS systems and sports equipment, reportedly paid millions of dollars of ransom after hackers infected its systems with ransomware in late July 2020. According to reports, Garmin hired a professional ransomware negotiation team working with Arete IR to contact the bad actors and make the payment. After making the large payment, the company received its decryption key and restored access to its data and systems.

Garmin's Devices Go Offline After the Ransomware Hits

The attack caused a massive outage across a huge range of Garmin devices and its website that lasted a few days. As the company started to get its infrastructure back up on Jul 27, it also announced it had become the target of a ransomware hit. According to reports, the malware used to attack Garmin was WastedLocker - a strain of ransomware associated with Evil Corp - a body of bad actors operating out of Russia.

Evil Corp Strikes Again?

Evil Corp are also associated with the infamous Dridex malware. The organization was formally sanctioned by the US Treasury in late 2019 and those measures caused one ransomware negotiation company to decline working with Garmin before Arete IR took on the job. Arete IR did not comment on any direct involvement with the incident, due to "confidentiality obligations" to clients.

According to reports by Sky News, the US authorities have not formally linked WastedLocker to Evil Corp and the new ransomware appeared after the sanctions mentioning Dridex were enacted. The general consensus that Garmin ended up paying some sort of chunky ransom sum comes from the fact that there are no known loopholes or exploitable weaknesses in WastedLocker and the only way to restore data seems to be paying the ransom and hoping the bad actors provide a working decryption key.
Garmin have withheld any further comments on the matter.

September 4, 2020