Earlier this week, wearable electronics and navigation technology maker Garmin suffered a cyberattack and was forced to temporarily shut down a number of services. The incident affected not only wearable gadgets and related services, but also flyGarmin and Garmin Pilot, solutions that support the company's line of aviation navigation equipment.
From the very beginning, cybersecurity experts believed that Garmin had been hit by a WastedLocker ransomware attack, and now the manufacturer has published an official statement confirming that the incident was indeed related to a ransomware attack. However, the company's representatives have not yet named the specific type of malware used in this attack.
The company says it has already begun to gradually bring its services back online. In particular, Garmin Connect and aviation services are already operational (although some are still functioning with restrictions). You can follow the progress of the recovery on a special page…
Bleeping Computer, citing its own sources, confidently states that the WastedLocker operators are behind the attack. For example, the journalists had at their disposal a screenshot showing a list of encrypted files on an affected machine. The .garminwasted extension had been added to the filenames.
Soon, researchers were able to find the same WastedLocker sample that was used in the attack on Garmin. It turned out that this version of the ransomware does indeed add the .garminwasted extension to files and creates a ransom note addressed specifically to Garmin.
According to Bleeping Computer, the attack on Garmin began with the company's Taiwan division, and the attackers demanded a ransom of $10,000,000 for decrypting the files.
Let me remind you that WastedLocker activity began in May 2020, and the authorship of this malware is attributed to the Evil Corp group, which is often associated with the Russian special services. Previously, the ransomware was used exclusively against American companies, and the ransom amounts that Evil Corp demanded from the victims are estimated at millions of dollars. For example, cybersecurity researchers know of a case in which hackers asked a company for $10,000,000. In June 2020, analysts wrote that at least 31 American organizations and companies had been affected by WastedLocker attacks.