Garmin ‘paid multi-million dollar ransom’ via Arete IR intermediaries

The smartwatch maker obtained the decryption key after relying on third-party services to pay a figure reported as $10 million

Garmin paid a multi-million-dollar ransom in order to obtain the decryption key and recover its files after it was reportedly attacked by WastedLocker, a ransomware strain deployed by EvilCorp.

The smart devices maker paid the sum through a ransomware negotiation business known as Arete IR, according to Sky News, which claims to have spoken to people with knowledge of the matter. 

The company had initially sought to pay the ransom using an intermediary specialising in ransomware negotiations, although that company told Sky News it doesn’t negotiate ransom payments in WastedLocker cases due to the potential sanctions involved.

After being turned down by this company, Garmin then approached Arete IR. Sources added that Garmin didn’t directly make a payment to the hackers, but that Arete IR made the payment as part of its negotiation services.

27/07/20: Garmin hackers demand $10 million following ‘ransomware attack’

Cyber attackers with EvilCorp are reportedly demanding a $10 million ransom from the wearable maker Garmin following an attack that crippled its systems and knocked services offline last week.

Hackers deployed the WastedLocker malware to encrypt systems on Garmin’s network leading to a global outage of various services and products, according to BleepingComputer, having spoken to several sources.

The outage even extended to flyGarmin, the company’s aviation database services, with EvilCorp promising to return data at the cost of $10 million.

A source told BleepingComputer they first learned of the attack on Thursday morning, with Garmin’s IT department trying to remotely shut down all computers on the network while devices were being encrypted. A photograph then shared showed encrypted files with the .garminwasted extension, alongside ransom notes.

The company first reported the outage following these events, but without any confirmation that it had suffered a ransomware attack. Reports from Thailand suggested the shutdown of Garmin services was due to a “virus”, with the company also shutting down its production lines for two full days.

Garmin has since published an update on the “outage” suggesting there is no indication the outage affected customer data, including activity, payment information or other personal data. Customers are also being assured data collected during the outage are stored on their devices and uploaded to company servers once services are fully restored.

As of now, all services are back up and running in some capacity, with many experiencing “limited” uptime. There has still been no confirmation from the company as to whether or not it suffered a ransomware attack last week.

This story has been updated to reflect new information. The original story is published below.

24/07/20 - Garmin services offline after suspected ransomware attack

Smartwatch and wearable devices manufacturer Garmin has had its internal systems knocked offline in what many speculate is the result of a ransomware attack.

The company reported last night that its services were down as a result of the company “experiencing an outage”, following user complaints of an inability to synchronise their apps with Garmin servers.

The company released a statement confirming Garmin.com and Garmin Connect, an online fitness community, were down. The outage also affected its call centres, leaving staff unable to receive any calls, emails or online chats.

Reports circulating online, however, suggest the lengthy outage is the result of a cyber attack, namely ransomware, although the company hasn’t confirmed whether or not it’s been targeted by cyber criminals. IT Pro approached Garmin to gain further clarification.

BBC News cyber reporter Joe Tidy, for example, was told that Evil Corp, an international cyber crime network with ties to Russia, targeted the smartwatch maker last night. This group only last month targeted at least 31 US companies, aiming to cripple their networks and demand ransoms, according to BBC News.

Taiwanese publication IThome, meanwhile, has reported that Garmin’s production line has been hit, with operations set to be suspended for two full days due to IT servers being attacked by “a virus”, according to an internal company memo.

Speculating that the outage is the result of a cyber attack, Carl Weam, head of e-crime at Mimecast, suggested it would not come as a surprise, given that the use of ransomware continues to grow in popularity.

“The key thing is that as long as organisations continue to pay, attackers will view this attack approach as being financially viable,” Weam said. “This particular attack is also worrying because of the type of data that could be lost, including both location and personal health data. When consumers trust organisations with this data, it is vital that it is kept secure.”

“In this instance, the victim has experienced lengthy downtime as a result of this attack, which will of course have a massive impact upon the business. Our research found that the average downtime an organisation suffers from a ransomware attack is three days, but this can of course be indefinite and lead to failure of a business.”

Businesses and the security community will be on particularly high alert given the recent ransomware attack against Blackbaud, the database services company, which led to the compromise of data belonging to at least a dozen international clients.
