Garmin resumes services, might have paid ransom to Evil Corp

Garmin appears to have paid at least a portion of the ransom demanded by its attackers in exchange for the decryptor, as its services are running again.

Aug 3, 2020 · 5 min read

We reported last week on how multinational tech company Garmin was the victim of a ransomware attack. Attackers encrypted the files on Garmin’s systems with the WastedLocker ransomware and demanded $10 million in ransom for the decryption key. Evil Corp is reportedly behind the attack.

The attack forced Garmin to shut down its services temporarily for four days. The company then announced that its services would be up and running. This prompted observers to speculate as to whether Garmin had paid the ransom or not. BleepingComputer, which was the first to confirm that it was a ransomware attack, is now reporting that Garmin must have paid the ransom.

Their reasoning is that the WastedLocker ransomware has no known weaknesses, which means that making a decryptor would be expensive. It is not clear whether Garmin paid the ransom in full, i.e., $10 million.

How the restoration works

The attackers would have sent Garmin a restoration package. This package consists of security software installers, a decryption key, a WastedLocker decryptor, and a script to run all of these. Garmin would have to run the package on its systems, at which point the package decrypts the system and installs the security software.

[Image: Garmin restoration package. Source: BleepingComputer]

BleepingComputer encrypted a virtual machine to test the decryptor and found that it worked without any issues. They also found that the decryptor in the restoration package had references to Emsisoft and Coveware. The former is a cybersecurity firm, while the latter is a ransomware negotiation service. Both declined to comment.

Evil Corp, the organisation believed to be behind the attack, is already on the US sanctions list. They have reportedly caused more than $100 million in damage to companies. The news comes barely a week after travel giant CWT allegedly gave in to demands and coughed up $4.5 million in ransom payments after a similar attack on its systems.