Garmin has paid the $10 million ransom fee to decrypt their files as reported by Sky News. Hackers demanded the fee at the end of July after they breached Garmin’s computer systems.
At the start of August, reportedly the company had obtained the encryption key to recover its files. However, it has transpired that Garmin paid the $10 million ransom fee for this recovery.
Garmin has recently expanded its solar technology smartwatch range. This brought in more adventure and military-grade smartwatches so such an attack could not have come at a worse time.
Garmin pay ransom fee after attack
Security sources believe the ransomware attack originated from individuals linked to Evil Corp. This is a cybercrime group based in Russia and has previously been sanctioned by the U.S. treasury.
Garmin paid the ransom fee through a negotiation business called Arete IR. Reportedly, the company planned to pay the fee through a different negotiation company but that company refused to negotiate in these incidents. This is in order to not fall foul of sanctions when paying these ransom fees.
If security services proved that the breach was linked to Evil Corp then negotiating and paying the fee would be classed as breaking sanctions. Thus far there is still much debate as to where the hack originated from and whether the individuals are linked to any sanctioned organization.
Ransomware attacked attributed to WastedLocker virus
Reports suggest that this ransomware attack originated from the WastedLocker virus. However, Arete IR still disputes some of the evidence. Criminals developed the virus after the U.S. Treasury’s sanctions and as a result they not specifically mention them.
Garmin did not directly make the payment to the hackers and did so through a Arete IR. The negotiation company made a comment on the situation. It said, “Arete has contractual confidentiality obligations to all clients and therefore cannot discuss any client identity or interactions.”
Hardly a surprising position given the situation. However, the company was quick to remove doubt that the virus originated from sanctioned groups. The statement read “Arete follows all recommended and required screenings to insure compliance with US trade sanctions laws.”
Garmin itself made no additional comment. Clearly the company is keen to move on from this situation and put it behind them.
Ransomware attacks are becoming more and more prevalent in the technology industry. This is probably a warning shot for many companies. Hacking is likely to become an more important part of our society so how companies combat it will be key.