Smartwatch maker Garmin paid a multi-million-dollar ransom to hackers who encrypted its data, according to a report. This news comes almost two weeks after Garmin was the victim of a ransomware attack that affected its devices globally. In ransomware attacks, hackers encrypt a company’s files until a ransom is paid. Security sources say that the cyberattack was developed by individuals who have links to Evil Corp, a cyber group in Russia which was sanctioned by the US Government last year.
As per a report by Sky News, Garmin did not directly pay the ransomware to the hackers. Instead, it hired Arete IR for its ransomware negotiation services to make the multi-million dollar ransom payment. The US government had sanctioned Evil Corp in December, saying that US persons were prohibited from engaging in transactions with the 17 individuals and seven business entities linked to Evil Corp, even in the case of extortion.
Arete IR, however, said that it believed WastedLocker, a ransomware virus associated with the attack, was not conclusively the work of Evil Corp.
According to the report, Garmin initially wanted to pay the ransom using a firm that specialised in dealing with such incidents, but couldn’t as the firm did not want the risk of going against the sanctions imposed by the US government. Garmin then sought the services of Arete IR, according to whom links between the WastedLocker ransomware and sanctioned individuals had not been proven.
So far, the US government has not yet made a public attribution linking Evil Crops to WastedLocker. As media reports started emerging naming WastedLocker as the ransomware virus used to target Garmin, Arete put out a report on twitter that claimed that the theory linking Wastedlocker to Evil Corp was inconclusive.
Garmin services faced a major outrage globally due to the ransomware attack that took place on July 23. Garmin devices were affected globally, along with the company’s call centre and support group. While Garmin had acknowledged being a victim of the cyberattack, it did not specify that it was the target of a ransomware attack as well.