Garmin, the company well known for its activity trackers, smartwatches, and various devices for athletes, paid a multimillion-dollar ransom to cybercriminals who hacked into its internal security systems last month.
As a result of the failure, all of the company's online services were unavailable worldwide. The failure also affected the Garmin technical support call center, leaving users without a primary communication channel. Hackers shut down not only the Garmin Connect service but also some production lines in Asia and flyGarmin, Garmin's web service that supports the company's line of aviation navigational equipment.
Garmin paid the ransom in exchange for a key to decrypt files and resume access to its services. Garmin turned to Arete IR to get around US sanctions over a deal with hackers to pay the ransom.
The cybercriminals attacked Garmin systems using the WastedLocker ransomware virus, which, according to their assumptions, was made by the hacker group Evil Corp, associated with the Russian special services. The group came under US Treasury sanctions last December.
Arete IR said that the connection between the WastedLocker virus and the Russian company had not been proven.
The first mentions of the WastedLocker virus appeared in Fox-IT and Malwarebytes reports in July 2020. This virus creates encrypted files with the victim organization's name with the postscript "wasted," demanding a ransom from $500,000 to $10 million in bitcoins. One of the sources of the BleepingComputer edition reported that the attackers demanded $10 million from Garmin.