Garmin Reportedly Paid Millions To Cybercriminals In Crippling Ransomware Attack
If Garmin did not already have a giant target on its back, it sure does now, if a report that it paid a multi-million dollar ransom to hackers is true. Speaking on the condition of anonymity, sources cited as being familiar with the matter told Sky News that Garmin hired a company that specializes in ransomware negotiations to resolve a recent cyber intrusion.
While nothing has been official confirmed, it was reported last week that a major outage affecting nearly every facet of Garmin's operations was the result of a ransomware strain called WastedLocker.
"We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience," Garmin stated on its website at the time.
Ransomware is a type of malware that locks people out of their systems, via encryption, sometimes with the threat of permanently deleting files if payment is not made (typically in Bitcoin). It's not clear what kind of threat Garmin was under, but apparently the company buckled, rather than taking a hard-line stance of not negotiating with cyber-criminals, if the report is accurate.
It is believed that a cyber crime group in Russia called Evil Corp is responsible for developing WastedLocker. Interestingly, that organization is sanctioned by the US Treasury, meaning "US persons are generally prohibited from engaging in transactions" with the outfit, even when extortion is involved.
Various sources relayed to Sky News that the first ransomware negotiation company Garmin sought out opted not to participate, because of the sanction. However, a company called Arete IR took Garmin on as a client, and resolved the matter by forking over millions of dollars, according to those sources.
Garmin may have wanted to get its services back up and running as quickly as possible and move on from this incident, but ultimately paying the ransom (if it did) sends a message to hackers that it is willing to negotiate in these kinds of situations.