- Garmin paid a multimillion dollar ransom to recover its data from hackers after they held the files for ransom, Sky News reported Monday.
- The GPS company was the victim of a major ransomware attack last month that led to a multi-day outage of its services including its smartwatches and aviation products.
- Garmin paid the money through cybersecurity firm Arete IR after the first firm they sought out turned down the job due to concerns about dealing with sanctioned individuals, according to Sky News.
- The malware used against Garmin has been attributed to Evil Corp, a Russia-based hacker group that was placed on a US sanctions list last year, according to Bleeping Computer.
- Visit Business Insider’s homepage for more stories.
GPS and aviation tech company Garmin paid a multi-million dollar sum to hackers in an effort to recover data that the group had held hostage in a ransomware attack last month, Sky News reported on Monday.
On July 23, Garmin’s services, which range from smartwatches to aviation products, suffered a major outage. Several days later, the company confirmed that the outage was due to a cyberattack.
Several media reports said at the time that the attack involved ransomware, a type of software custom-tailored to encrypt a company’s files until a ransom is paid, though Garmin did not publicly name the type of attack.
Bleeping Computer reported that Garmin had been targeted by Wastedlocker, a specific ransomware virus that is attributed to a Russia-based hacking group called Evil Corp, and that the group had demanded $10 million for the files.
Since the US Treasury Department had sanctioned Evil Corp last year following its cyber heist of more than $100 million from banks around the world, Garmin risked running afoul of the sanctions and incurring fines by paying the ransom.
The first cybersecurity company Garmin asked to help it pay the ransom turned down the job, citing the sanctions as its reason for refusing to provide its services in cases involving Wastedlocker, Sky News reported.
Garmin then turned to another firm, Arete IR, which doesn't believe Evil Corp is necessarily behind Wastedlocker and ultimately worked with the company to help it pay the ransom, according to Sky News.
As media reports circulated last month naming Wastedlocker as the ransomware used against Garmin, Arete tweeted a link to a report it had published that claimed security research linking the ransomware to Evil Corp was "not conclusive."
WastedLocker is a new variant of #ransomware that was initially reported in May and is rumored to have come from the "Evil Corp" group. In this insight, we discuss the four main reasons why Arete experts determined this theory to be inconclusive. (https://t.co/fZUmHCXMMn) pic.twitter.com/hvdMNEEVpe
— Arete Incident Response (@Arete_Advisors) July 24, 2020
Garmin and Arete IR did not immediately respond to requests for comment.