Garmin paid millions of dollars to hackers after ransomware attack

Smartwatch maker, Garmin Services paid a multimillion dollar ransom to recover its data from hackers after they held the files for ransom, Sky News reported Monday.

The GPS company was the victim of a major ransomware attack last month that led to a multi-day outage of its services including its smartwatches and aviation products.

Garmin paid the money through cybersecurity firm Arete IR after the first firm they sought out turned down the job due to concerns about dealing with sanctioned individuals, according to Sky News.

The malware used against Garmin has been attributed to Evil Corp, a Russia-based hacker group that was placed on a US sanctions list last year, according to Bleeping Computer.

Several media reports said at the time that the attack involved ransomware, a type of software custom-tailored to encrypt a company’s files until a ransom is paid, though Garmin did not publicly name the type of attack.

Bleeping Computer reported that Garmin had been targeted by Wastedlocker, a specific ransomware virus that is attributed to a Russia-based hacking group called Evil Corp, and that the group had demanded $10 million (R170 million) for the files.

Since the US Treasury Department had sanctioned Evil Corp last year following its cyber heist of more than $100 million (R1.7 billion) from banks around the world, Garmin risked running afoul of the sanctions and incurring fines by paying the ransom.

The first cybersecurity company Garmin asked to help it pay the ransom turned down the job, citing the sanctions as its reason for refusing to provide its services in cases involving Wastedlocker, Sky News reported.

Garmin then turned to another firm, Arete IR, which doesn’t believe Evil Corp is necessarily behind Wastedlocker and ultimately worked with the company to help it pay the ransom, according to Sky News.

As media reports circulated last month naming Wastedlocker as the ransomware used against Garmin, Arete tweeted a link to a report it had published that claimed security research linking the ransomware to Evil Corp was “not conclusive.”

Garmin and Arete IR did not immediately respond to requests for comment.

READ ALSO:

China Orders Closure Of US Consulate In Chengdu

Share: