Garmin suffered an outage last month that temporarily took many of the company’s systems and services offline. It later claimed it was the victim of a cyberattack without offering specifics of what caused it. Reports suggested ransomware was involved, and there are some more indications that was the case.
According to Sky News, Garmin paid a “multi-million dollar ransom” via a third-party company called Arete Incident Response to regain access to its files and systems. Engadget has contacted Garmin for comment.
It hasn’t been revealed who was behind the attack nor to whom a ransom (if any) was paid. Some security researchers believe the WastedLocker ransomware (said to be the cause of the outage) is linked to a Russia-based group of cybercriminals known as Evil Corp. The US Treasury sanctioned that organization last year, accusing it of being responsible for developing and distributing another form of malware called Dridex. The sanction “generally prohibited” US persons from “engaging in transactions” with specific companies and people linked to Evil Corp.
Arete Incident Response, which helps companies secure their networks and resolve attacks, recently suggested that WastedLocker was not conclusively the work of Evil Corp. It published a study on that topic the day after Garmin said it was attacked. Arete told Sky News it "follows all recommended and required screenings to ensure compliance with US trade sanctions laws."