by Anna Savelieva
Garmin was attacked with the WastedLocker ransomware virus, which emerged in May and is operated by a hacker group known as Evil Corp. According to one source, the company paid the hackers about $ 10 million through an intermediary.
As a result of the incident, many of Garmin’s online services have become unavailable since the evening of July 22, including the official website, customer support, Garmin Connect user data sync service, flyGarmin aviation navigation service and some production lines in Asia. Many users have lost access to data archives, the ability to sync the results of their workouts with cloud services and the application, as well as download and share tracks. The partner ecosystem, built on open data, also collapsed.
The first suspects were Russian hackers from the Evil Corp group, headed by Maxim Yakubets. The former Ukrainian citizen is wanted by the US law enforcement agencies, and for his capture they are ready to pay a reward of $ 5 million. At the end of last year, Evil Corp came under the sanctions of the US Treasury Department for using the Dridex banking Trojan, which infected tens of thousands of computers around the world and was used for fraud, blackmail and identity theft. In total, the hackers managed to steal over $ 100 million.
Thus, due to the sanctions, Garmin cannot pay the ransom directly, as then it faces criminal prosecution for violating the ban on “deals” with Evil Corp. According to Sky News sources, the company turned to cybersecurity experts, but they did not want to fall under sanctions.
Garmin was next approached for help, Arete IR, which cited four reasons to refute the WastedLocker-Evil Corp connection and paid as part of its ransomware negotiation services.
The U.S. government has also yet to publicly announce a link between WastedLocker and any sanctioned group or individuals.
cybersecurity
Garmin
…
