This is normally how a ransom attack goes: Services go down, cyberattackers request a large sum of money, the company techies get called in the middle of the night and restore services. We’ve all watched Mr Robot and that’s generally what happens. But sometimes, the only thing the company can do is pay the ransom to gain back control of its services.
And that’s what happened with the recent Garmin hack, according to Sky News. Garmin suffered an outage in July that took a bunch of its services offline. We later found out that it was the victim of a cyberattack, but details were relatively scarce.
Now Sky News has reported that Garmin paid a “multi-million dollar ransom” using a third-party company called Arete Incident Response in an effort to take back control of its online services.
All we know right now is that some in-the-loop security researchers believe the WastedLocker ransomware that caused the outage was the work of a Russia-based group of cybercriminals known as Evil Corp. At the time of writing, we don’t know whether Dr Doofenshmirtz is associated with the Evil Corp mentioned.
The US Treasury sanctioned that organisation last year because it apparently developed and distributed some other malware called Dridex (-inator?). Interestingly, though, the US sanction prohibits US people from engaging in transactions with Evil Corp or anyone associated with it.
But the company that helped Garmin out of this debacle, Arete Incident Response, also suggested that WastedLocker was not conclusively the work of Evil Corp. At this point, there are too many maybes and what-ifs to conclusively say that Garmin violated US sanctions, but at least it gained back control of its services.