Reports coming through are that fitness brand Garmin has paid a ransom worth millions of dollars to the group that encrypted its data and forced it to shut down its systems. According to some sources, the deal was not made by Garmin directly but was brokered through a third party – ransomware negotiation business Arete Incident Response (Arete IR).
BleepingComputer reported last week that Garmin had received a decryption key to access data encrypted by the virus, and that the initial ransom demand was for $10 million.
Arete IR was reportedly Garmin’s second choice after the first choice refused to negotiate ransom payments for fear of contravening sanctions imposed by the US government. The US has strict rules against any of its citizens engaging in transactions with the entities tied to Evil Corp – which is widely believed to be behind the WastedLocker ransomware that was used in the Garmin attack.
The head of Evil Corp, Maksim Yakubets, has a $5-million FBI bounty on his head and is believed to be behind major attacks on American companies and the American banking system – with attacks on the banking system causing over $100 million in financial damages.
However, the US government has not made an official and public link between WastedLocker and the members of Evil Corp, due in part to the ransomware being developed after it issued its sanctions against Evil Corp. This makes the payment of Garmin’s ransom a grey area – while most believe that WastedLocker and Evil Corp are connected, there is no official confirmation thereof. Arete IR was willing to take the risk and has previously claimed that links between the WastedLocker ransomware and Evil Corp are not conclusive.
Businesses must be vigilant – Mimecast
Garmin was hit by this ransomware attack on 23 July and was forced to shut down most of its services as a result – including Garmin Connect, its aviation database services, and some of its Asian production lines.
In response to the attack, Head of e-crime at Mimecast Carl Wearn said that to minimise the threat of ransomware attacks, organisations must implement resiliency measures to preserve business-as-usual should the worst happen. “Non-networked backups and a fallback email and archiving process need to become standard security measures if organisations are to significantly mitigate ransomware threats,” said Wearn.
“This particular attack is also worrying because of the type of data that could be lost, including both location and personal health data. When consumers trust organisations with this data, it is absolutely vital that it is kept secure. Incidents like these can have devastating consequences for the reputation of an organisation.”