Garmin paid for WastedLocker ransomware decryption key

Fitness giant Garmin paid out for a WastedLocker decryption key after a ransomware attack encrypted its systems and crippled its services.

The firm suffered a worldwide service outage on July 23, which prevented users from uploading exercise data to Garmin Connect and also affected aviation navigation service FlyGarmin.

Although the company initially remained reticent, the incident was widely rumored to have resulted from a ransomware attack. Garmin later issued a statement confirming it was the “victim of a cyberattack that encrypted some of [its] systems.”

“We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition,” the company added.

Sources from within the company revealed that WasterLocker ransomware was responsible, usually attributed to Russian hacking group Evil Corp.

As Evil Corp has featured on the US sanctions list since late last year, prohibiting companies from engaging with the cybercriminal entity, Garmin was placed in a difficult position. The firm could now be subject to further financial penalty, having opted to pay the ransom.

Garmin files reviewed by Bleeping Computer revealed the company obtained the WasterLocker decryptor on either July 24 or July 25. It is unclear how much the firm paid for the decryption key, but operators were reportedly demanding a fee of $10 million.

Source link