Garmin reportedly paid hackers a large ransom to recover files after a cyberattack
- Garmin paid a multimillion dollar ransom to recover its data from hackers after they held the files for ransom, Sky News reported Monday.
- The GPS company was the victim of a major ransomware attack last month that led to a multi-day outage of its services including its smartwatches and aviation products.
- Garmin paid the money through cybersecurity firm Arete IR after the first firm they sought out turned down the job due to concerns about dealing with sanctioned individuals, according to Sky News.
- The malware used against Garmin has been attributed to Evil Corp, a Russia-based hacker group that was placed on a US sanctions list last year, according to Bleeping Computer.
- Visit Business Insider's homepage for more stories.
GPS and aviation tech company Garmin paid a multi-million dollar sum to hackers in an effort to recover data that the group had held hostage in a ransomware attack last month, Sky News reported on Monday.
On July 23, Garmin's services, which range from smartwatches to aviation products, suffered a major outage. Several days later, the company confirmed that the outage was due to a cyberattack.
Several media reports said at the time that the attack involved ransomware, a type of software custom-tailored to encrypt a company's files until a ransom is paid, though Garmin did not publicly name the type of attack.
Bleeping Computer reported that Garmin had been targeted by Wastedlocker, a specific ransomware virus that is attributed to a Russia-based hacking group called Evil Corp, and that the group had demanded $10 million (R170 million) for the files.
Since the US Treasury Department had sanctioned Evil Corp last year following its cyber heist of more than $100 million (R1.7 billion) from banks around the world, Garmin risked running afoul of the sanctions and incurring fines by paying the ransom.
The first cybersecurity company Garmin asked to help it pay the ransom turned down the job, citing the sanctions as its reason for refusing to provide its services in cases involving Wastedlocker, Sky News reported.
Garmin then turned to another firm, Arete IR, which doesn't believe Evil Corp is necessarily behind Wastedlocker and ultimately worked with the company to help it pay the ransom, according to Sky News.
As media reports circulated last month naming Wastedlocker as the ransomware used against Garmin, Arete tweeted a link to a report it had published that claimed security research linking the ransomware to Evil Corp was "not conclusive."
WastedLocker is a new variant of #ransomware that was initially reported in May and is rumored to have come from the "Evil Corp" group. In this insight, we discuss the four main reasons why Arete experts determined this theory to be inconclusive. (https://t.co/fZUmHCXMMn) pic.twitter.com/hvdMNEEVpe— Arete Incident Response (@Arete_Advisors) July 24, 2020
Garmin and Arete IR did not immediately respond to requests for comment.
Receive a daily update on your cellphone with all our latest news: click here.
Get the best of our site emailed to you daily: click here.
Also from Business Insider South Africa:
- It’s official: you can stay in a hotel or resort for fun again – but not an Airbnb
- 10 of South Africa’s most beautiful spots to stargaze – including a quiver tree forest and dark-sky reserve
- The second-biggest city in Australia now has a curfew and a 5km travel limit
- Joburg is a coronavirus hotspot – but you can still walk the streets on a (small) guided tour
- 10 perfectly timed photos of dogs jumping through the air