Fitness giant Garmin paid out for a WastedLocker decryption key after a ransomware attack encrypted its systems and crippled its services.
The firm suffered a worldwide service outage on July 23, which prevented users from uploading exercise data to Garmin Connect and also affected aviation navigation service FlyGarmin.
Although the company initially remained reticent, the incident was widely rumored to have resulted from a ransomware attack. Garmin later issued a statement confirming it was the “victim of a cyberattack that encrypted some of [its] systems.”
“We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition,” the company added.
Sources from within the company revealed that WasterLocker ransomware was responsible, usually attributed to Russian hacking group Evil Corp.
As Evil Corp has featured on the US sanctions list since late last year, prohibiting companies from engaging with the cybercriminal entity, Garmin was placed in a difficult position. The firm could now be subject to further financial penalty, having opted to pay the ransom.