Reports suggest Garmin paid a multi-million dollar ransom
Garmin has reportedly paid 10 million US dollars via a third-party company to get its systems up and running after the recent cyber attack.
As a reminder, the company’s services were down for about 5 days before gradually starting to recover. Garmin initially said there was an “outage” but later admitted it was the victim of a cyber attack. It did not, however, offer many details.
During the outage, a number of Garmin staff stated on social media that there had been a ransomware attack. Reports followed offering more evidence that this was, indeed, the case.
Bleeping Computer claimed the company was the victim of the WastedLocker ransomware. This malware drops executables onto the victim’s systems, where they encrypt the files on the servers and make them inaccessible. Garmin was reportedly asked for $10 million in order to release the code that would allow it to decrypt the data and restore things back to normal.
Was this a ransomware attack?
The whole incident is mostly behind us now, but reports are emerging that this was, indeed, a ransomware attack. What’s more, the company may have paid a multi-million dollar ransom to get the decryption key that would enable it to restore the system to working order.
Ten million US dollars might sound like a lot (and it is), but it may have been much cheaper and quicker than repairing the whole system and dealing with the fallout. To put things into perspective, Garmin’s 2019 revenue was $3.75 billion and profits $2.23 billion!
Part of the problem is that it’s not as simple as restoring the system from a backup. It may have been difficult to determine how long the malware was dormant, so the backups could have been affected as well. Also, as its whole operation was down, Garmin would need an entire second production environment to restore the backup to.
Sky News has released some fascinating details. According to the news agency, the malware was released by Russia-based Evil Corp. This is a cyber crime group that was sanctioned by the US Treasury last December due to its decade-long hacking campaign. The sanctions make it near-impossible for U.S.-based companies to pay the ransom, even if they wanted to.
Unnamed Sky News sources have revealed that Garmin went through a third-party company called Arete Incident Response to negotiate the ransom and obtain the decryption key. This is an outfit that helps companies secure their networks and resolve attacks.
Who even knew there was a whole industry that works on curbing these attacks and helping organisations navigate these types of situations?! But ransomware attacks are not as uncommon as you may think.
Arete told Sky News it “follows all recommended and required screenings to ensure compliance with US trade sanctions laws.” Garmin has told Sky News that “it had no additional comment to make”.