The multi-million dollar ransom amount was paid to the hackers via a third-party intermediary.
What you need to know
- Wearables maker Garmin reportedly paid a $10 million ransom to cybercriminals to unencrypt its computer files.
- Garmin’s servers were infected with the WastedLocker ransomware on July 22.
- The ransom was apparently paid through Arete IR, which is a New York-based Cybersecurity firm.
Garmin’s services went offline on July 22, after its servers were infected with a strain of ransomware called WastedLocker. The wearables maker finally managed to obtain the decryption key to recover its files on July 27 and began restoring its services. According to a new report from Sky News, Garmin paid a multi-million dollar ransom to the cybercriminals through cybersecurity firm Arete IR.
Per the report, Garmin had initially reached out to another cybersecurity firm that specializes in responding to ransomware attacks. However, the firm disagreed to help Garmin as it “didn’t negotiate ransom payments in WastedLocker cases due to the risk of running foul of the sanctions.”
The wearables maker then made the payment to the cybercriminals through Arete IR, as part of its ransomware negotiation services. Arete claims it hasn’t been proven that Evil Corp is behind the WastedLocker ransomware. Evil Corp is a Russia-based cybercriminal group, which caused over $100 million in financial damages with its Dridex malware. The U.S. Treasury Department sanctioned Evil Corp in December last year, barring Americans from engaging in transactions with individuals or any business entities related to Evil Corp.
In a statement sent to Sky News, an Arete spokesperson said:
Arete has contractual confidentiality obligations to all clients and therefore cannot discuss any client identity or interactions. Arete follows all recommended and required screenings to insure compliance with US trade sanctions laws.
How to get your data off a Garmin watch