In July 2020, Garmin, the manufacturer of wearable electronics and navigation equipment, suffered from a cyberattack and was forced to temporarily shut down a number of services. Now there is information in the media that Garmin has paid the ransom to the WastedLocker malware operators.
At the same time, the incident affected not only wearable gadgets and related services, but also flyGarmin and Garmin Pilot – solutions that support the company’s line of aviation navigation equipment.
The outage also affected call centers, making the company unable to answer calls, emails, and online chats.
“We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience”, — said official Garmin statement.
From the very beginning, cybersecurity specialists believed that Garmin suffered from the WastedLocker ransomware attack, and as a result, the manufacturer issued an official statement confirming that the incident linked with a ransomware attack. However, the company representatives have not yet revealed what kind of malware was used for this attack.
Now Bleeping Computer journalists have confirmed that Garmin, which started restoring its services last week, received a key to decrypt files, affected by WastedLocker malware.
Representatives of the publication checked the work of the decryptor using the example of the WastedLocker sample, which previously had at their disposal and which was clearly used to attack the company.
“The decryptor worked as expected and decrypted the files”, – reported Bleeping Computer journalists.
The journalists are sure that for this the company paid a ransom to the attackers. Exact amount is unknown, but earlier it was reported that the attackers demanded $10 million from Garmin.
Decryptor work:
Let me remind you that WastedLocker activity began in May 2020, and the authorship of this malware is attributed to the Evil Corp group, which is often associated with the Russian special services.
Previously, the ransomware was used exclusively against American companies, and the ransom amounts that Evil Corp demanded from the victims are estimated at millions of dollars. For example, cybersecurity researchers know of a case when hackers asked a company for $10,000,000. In June 2020, analysts wrote that at least 31 American organizations and companies were affected by WastedLocker attacks.