Multinational tech company Garmin may have paid some or all of a $10 million crypto ransom to hackers who managed to encrypt the firm’s internal network and take down several of its services on July 23.
According to an August 1 report from Lawrence Abrams at Bleeping Computer, Garmin’s IT department used a decryptor to regain access to workstations affected by the initial WastedLocker ransomware attack. The malware took down the company’s customer support, navigation solutions, and other online services.
The news outlet reported that the existence of such a decryptor means “Garmin must have paid the ransom to the attackers” as the malware used in the hack has “no known weaknesses in their encryption algorithm.”
“Garmin's script contains a timestamp of '07/25/2020', which indicates that the ransom was paid either on July 24 or July 25,” stated the report.
Evil Corp responsible
Cointelegraph reported on July 27 that Russian cybergang Evil Corp was responsible for extorting a $10 million crypto ransom from Garmin following the ransomware attack.
Maksim Yakubets, the leader of the cybercriminal group, had previously been indicted by the U.S. Department of Justice in 2019. He was also listed on the FBI’s Most Wanted list with a reward set at $5 million – the highest amount offered by authorities for the arrest of a cybercriminal.
Garmin ‘returning to operation’
The technology firm’s most recent tweet on July 27 stated that “many of the systems and services affected by the recent outage, including Garmin Connect, are returning to operation.” An update on the company’s website states Garmin was the “victim of a cyber attack,” but makes no references to any ransom.
Because Evil Corp was officially sanctioned by the U.S. government in 2019, Garmin could face sanctions for admitting it sent any funds to the group. Emsisoft threat analyst Brett Callow previously told Cointelegraph that such a payment would “create a legal minefield.”
“Payment may be the only way for a company to avoid a catastrophic loss of data,” said Callow. “But it may be illegal for the company to make that payment.”
Pay up, or else
Other companies targeted by ransomware groups have ended up paying millions in crypto ransom demands rather than risk losing business while computer access is restored or sensitive information is released.
U.S.-based travel firm CWT negotiated with ransomware hackers after a malware attack, haggling the ransom down from $10 million to $4.5 million in Bitcoin (BTC). The University of California at San Francisco School of Medicine also reportedly paid more than $1 million in crypto as part of a ransom for a June 1 hack.
Cointelegraph reached out to Garmin for comment, but received no reply as of press time.