IT NewsMarket newsSecurity
Anna Savelieva | 08/04/2020
Garmin was attacked with the WastedLocker ransomware virus, which emerged in May and is operated by a hacker group known as Evil Corp. According to one of the sources, the company
paid the hackers through an intermediary about $ 10 million.
As a result of the incident, since the evening of July 22, many Garmin online services have become unavailable, including the official website.
customer service, Garmin Connect user data sync service, flyGarmin aviation navigation service and selected product lines in Asia. Many users
lost access to data archives, the ability to synchronize the results of their workouts with cloud services and the application, as well as download and share tracks. Ecosystem of partners,
built on open data has also failed.
For several days, the company remained silent and did not disclose the details of the incident, limiting itself to a small announcement eight hours after the shutdown of services. It reported that in
As a result of an outage affecting Garmin.com, Garmin Connect and call centers, receiving calls, emails, and answering online chats is temporarily impossible. Notice on
Russian was even shorter.
The first suspects were Russian hackers from the Evil Corp group, headed by Maxim Yakubets. A former citizen of Ukraine is wanted by US law enforcement agencies, and for his capture
ready to pay a reward of $ 5 million. At the end of last year, Evil Corp was sanctioned by the US Treasury Department for using the Dridex banking trojan, which infected tens of thousands
computers around the world and was used for fraud, blackmail and identity theft. In total, the hackers managed to steal over $ 100 million.
Thus, due to the sanctions, Garmin cannot pay the ransom directly, as then it faces criminal prosecution for violating the ban on “deals” with Evil Corp. According to the sources of the publication
Sky News, the company turned to cybersecurity specialists, however, they did not want to fall under sanctions.
The next person to whom Garmin came for help was Arete IR, which led four
argumentdenying the connection between WastedLocker and Evil Corp, and made the payment as part of its ransomware negotiation services.
The U.S. government has also yet to publicly announce a link between WastedLocker and any sanctioned group or individuals.