In July 2020, the manufacturer of wearable electronics and navigation equipment, Garmin, suffered from a cyber attack and was forced to temporarily shut down a number of services. At the same time, the incident affected not only wearable gadgets and related services, but also flyGarmin and Garmin Pilot – solutions that support the company's line of aviation navigation equipment.
From the very beginning, cybersecurity specialists believed that Garmin suffered from the WastedLocker ransomware attack, and as a result, the manufacturer issued an official statement confirming that the incident was indeed connected with a ransomware attack. However, the company's representatives have not yet revealed what kind of malware was used for this attack.
Now the journalists of the publication Bleeping computer confirmed that Garmin, which started restoring its services last week, received a key to encrypt files affected by WastedLocker malware.
Representatives of the publication checked the work of the decryptor using the example of the WastedLocker sample, which was previously at their disposal and was clearly used to attack the company. The decryptor worked as expected and decrypted the files.
The journalists are sure that for this the company paid a ransom to the attackers. It is not known exactly what amount is in question, but earlier it was reported that the attackers demanded $ 10 million from Garmin.
Let me remind you that WastedLocker activity began in May 2020, and the authorship of this malware is attributed to the Evil Corp group, which is often associated with the Russian special services. Previously, the ransomware was used exclusively against American companies, and the ransom amounts that Evil Corp demanded from the victims are estimated at millions of dollars. For example, cybersecurity researchers know of a case when hackers asked a company for $ 10,000,000. In June 2020, analysts wrote that at least 31 American organizations and companies were affected by WastedLocker attacks.