Garmin Coming Back Online After Hack — Was $10M Crypto Ransom Paid?

Published at: Aug. 3, 2020

Multinational tech company Garmin may have paid some or all of a $10 million crypto ransom to hackers who managed to encrypt the firm’s internal network and take down several of its services on July 23.

According to an August 1 report from Lawrence Abrams at Bleeping Computer, Garmin’s IT department used a decryptor to regain access to workstations affected by the initial WastedLocker ransomware attack. The malware took down the company’s customer support, navigation solutions, and other online services. 

The news outlet reported that the existence of such a decryptor means “Garmin must have paid the ransom to the attackers” as the malware used in the hack has “no known weaknesses in their encryption algorithm.”

“Garmin's script contains a timestamp of '07/25/2020', which indicates that the ransom was paid either on July 24 or July 25,” stated the report.

Evil Corp responsible 

Cointelegraph reported on July 27 that Russian cybergang Evil Corp was responsible for extorting a $10 million crypto ransom from Garmin following the ransomware attack.

Maksim Yakubets, the leader of the cybercriminal group, had previously been indicted by the U.S. Department of Justice in 2019. He was also listed on the FBI’s Most Wanted list with a reward set at $5 million – the highest amount offered by authorities for the arrest of a cybercriminal.

Garmin ‘returning to operation’

The technology firm’s most recent tweet on July 27 stated that “many of the systems and services affected by the recent outage, including Garmin Connect, are returning to operation.” An update on the company’s website states Garmin was the “victim of a cyber attack,” but makes no reference to any ransom.

Because Evil Corp was officially sanctioned by the U.S. government in 2019, Garmin could face sanctions for admitting it sent any funds to the group. Emsisoft threat analyst Brett Callow previously told Cointelegraph that such a payment would “create a legal minefield.”

“Payment may be the only way for a company to avoid a catastrophic loss of data,” said Callow. “But it may be illegal for the company to make that payment.”

Pay up, or else

Other companies targeted by ransomware groups have ended up paying millions in crypto ransom demands rather than risk losing business while computer access is restored or sensitive information is released. 

U.S.-based travel firm CWT negotiated with ransomware hackers, haggling the ransom for a malware attack down from $10 million to $4.5 million in Bitcoin (BTC). The University of California at San Francisco School of Medicine also reportedly paid more than $1 million in crypto as part of a ransom for a June 1 hack.

Cointelegraph reached out to Garmin for comment, but received no reply as of press time.
